作者kouta (ΦωΦ)
看板iOS
标题[讨论] 苹果发文反击谷哥:别在那边夸大其词带
时间Sun Sep 8 04:40:26 2019
苹果发文反击谷哥:别在那边夸大其词带风向
by Brian Fang on 9/07/2019
最近美国 Google 公司旗下的安全团队 Project Zero,发布了 iPhone 存在一系列安全漏洞报告,可被恶意网站利用来盗取用户讯息。Apple 公司今天发布了一篇「有关 iOS 安全性的讯息」声明回应,表示 Google 提到的漏洞复杂攻击范围很狭隘,并非大规模的安全漏洞,对於大多数人来说没有太大威胁。
Apple 希望确保所有用户都了解事实,无论攻击规模如何,我们都非常重视所有用户的安全。其次,所有证据表明,这些网站攻击只能在短时间内运行,大约两个月,而不是 Google 暗示的“两年”,而且我们在 2 月修复了有问题的漏洞。
Google 利用 Project Zero 研究来反击 Apple 主打的隐私权行销,因为 Google 主要的业务收入是记录用户的网路浏览行为和个人资讯,然後放送精准的广告。
Apple 表示:「安全是一个永无止境的旅程,我们的客户可以确信我们正在为他们工作。iOS 安全性是无与伦比的,因为我们对硬体和软体的安全性负有端到端的责任。」
Copyright 爱疯日报
https://www.iphonetaiwan.org/2019/09/a-message-about-ios-security.html
------------
官方 Newsroom 网页:
https://www.apple.com/newsroom/2019/09/a-message-about-ios-security/
(目前台湾网站还没发新闻,之後有的话即补充。)
Last week, Google published a blog about vulnerabilities that Apple fixed for iOS users in February. We’ve heard from customers who were concerned by some of the claims, and we want to make sure all of our customers have the facts.
First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.
Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case.
Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.
Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe.
苹果少见会特别发新闻澄清事件,
看来的确是很在意被指控不安全,
苹果之後又要推出 Sign In with Apple,
某书跟其它各种靠使用者隐私数据来卖广告的公司真的要气炸。
--
※ 发信站: 批踢踢实业坊(ptt.cc), 来自: 220.133.14.178 (台湾)
※ 文章网址: https://webptt.com/cn.aspx?n=bbs/iOS/M.1567888830.A.3AA.html
1F:推 abramtw: 就不要靠google抓漏洞啊 09/08 07:14
2F:→ skychy: 是google主动会去抓别人漏洞,因为他要个资来投广告 09/08 09:44
3F:→ botdf: 二楼你要不要去搞清楚Project Zero的处理原则再来讲? 09/08 10:22
4F:推 ReDmango: 二楼笑死 09/08 11:36
5F:推 a100900: 二楼秀智商 09/08 13:24
6F:推 dabochi: 那Google也抓抓自家的洞吧(茶) 09/08 14:50
7F:→ ReDmango: 二楼跟原PO一个样 09/08 17:45
出现了 说 Google Project Zero 不是 Google 的 htc 使用者八卦板板主
使出次元切割刀+9
8F:推 live363789: 每当我google了什麽网站 广告全部变成那个网页 09/08 19:53
9F:→ live363789: 还要担心别人看到自己的广告 造成不必要的误会 09/08 19:54
10F:推 jasonpttt: google就是来乱的XD 09/09 02:53
※ 编辑: kouta (220.133.14.178 台湾), 09/09/2019 04:40:04
11F:推 a1121210: 不要森七七了 09/09 09:27
12F:推 IloveBlack2: 被打脸就很生气的原PO,有趣. 09/09 09:48