蘋果發文反擊谷哥：別在那邊誇大其詞帶風向 by Brian Fang on 9/07/2019 最近美國 Google 公司旗下的安全團隊 Project Zero，發布了 iPhone 存在一系列安全漏洞報告，可被惡意網站利用來盜取用戶訊息。Apple 公司今天發布了一篇「有關 iOS 安全性的訊息」聲明回應，表示 Google 提到的漏洞複雜攻擊範圍很狹隘，並非大規模的安全漏洞，對於大多數人來說沒有太大威脅。 Apple 希望確保所有用戶都了解事實，無論攻擊規模如何，我們都非常重視所有用戶的安全。其次，所有證據表明，這些網站攻擊只能在短時間內運行，大約兩個月，而不是 Google 暗示的“兩年”，而且我們在 2 月修復了有問題的漏洞。 Google 利用 Project Zero 研究來反擊 Apple 主打的隱私權行銷，因為 Google 主要的業務收入是記錄用戶的網路瀏覽行為和個人資訊，然後放送精準的廣告。 Apple 表示：「安全是一個永無止境的旅程，我們的客戶可以確信我們正在為他們工作。iOS 安全性是無與倫比的，因為我們對硬體和軟體的安全性負有端到端的責任。」 Copyright 愛瘋日報 https://www.iphonetaiwan.org/2019/09/a-message-about-ios-security.html ------------ 官方 Newsroom 網頁： https://www.apple.com/newsroom/2019/09/a-message-about-ios-security/ （目前台灣網站還沒發新聞，之後有的話即補充。） Last week, Google published a blog about vulnerabilities that Apple fixed for iOS users in February. We’ve heard from customers who were concerned by some of the claims, and we want to make sure all of our customers have the facts. First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously. Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case. Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs. Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe. 蘋果少見會特別發新聞澄清事件， 看來的確是很在意被指控不安全， 蘋果之後又要推出 Sign In with Apple， 某書跟其它各種靠使用者隱私數據來賣廣告的公司真的要氣炸。 -- ※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 220.133.14.178 (臺灣) ※ 文章網址: https://www.ptt.cc/bbs/iOS/M.1567888830.A.3AA.html 出現了 說 Google Project Zero 不是 Google 的 htc 使用者八卦板板主 使出次元切割刀+9 ※ 編輯: kouta (220.133.14.178 臺灣), 09/09/2019 04:40:04