First, the sophisticated attack was narrowly focused, not a
broad-based exploit of iPhones “en masse” as described. The attack
affected fewer than a dozen websites that focus on content related
to the Uighur community. Regardless of the scale of the attack, we
take the safety and security of all users extremely seriously.
Google’s post, issued six months after iOS patches were released,
creates the false impression of “mass exploitation” to “monitor
the private activities of entire populations in real time,”
stoking fear among all iPhone users that their devices had been
compromised. This was never the case.
Second, all evidence indicates that these website attacks were
only operational for a brief period, roughly two months, not “two
years” as Google implies.
Reading between the lines here, what Apple is pushing back on is the fact that Google’s report on this attack against the Uyghur community only mentioned iOS. Coverage of Google’s report created the impression that only iOS users were hacked, when in fact, the Chinese government also exploited Windows and Android users, and that these exploits may have been targeting people everywhere.
Conspicuously unmentioned in Apple’s response: “China”.