More to the point, how does Apple know that was the only attack being carried out? The only known attack, perhaps.
The exploits were meant to operate on devices running as far back as iOS 10, spurring Project Zero to assume the attackers were active for 2 years. That's a bit of a guess. The bug could have been discovered 1 year ago and backported to cover the widest number of victims. Then Apple retorts that the website that was discovered had only been around for 2 months. But they can't know if there wasn't an earlier site using the same bugs. And nobody can say for sure that there aren't other sites as yet undiscovered.
You can pick your poison what level of paranoia is appropriate. But I find the turf war since this was published to be unsightly. Why does Apple feel compelled to defend anything? Why do Apple advocates keep making accusations that Google is bad? (As if Google being bad automatically translates to Apple is good.)
The measured response would be to say, "Yup, security is hard. Really hard. Look even we sometimes make mistakes." Instead I'm only reading excuses that attempt to uphold a fiction that Apple devices are devoid of security flaws.
And if you think the people who work for Google are being petty by overstating an Apple 0-day, is being equally petty really the best response?
The exploits were meant to operate on devices running as far back as iOS 10, spurring Project Zero to assume the attackers were active for 2 years. That's a bit of a guess. The bug could have been discovered 1 year ago and backported to cover the widest number of victims. Then Apple retorts that the website that was discovered had only been around for 2 months. But they can't know if there wasn't an earlier site using the same bugs. And nobody can say for sure that there aren't other sites as yet undiscovered.
You can pick your poison what level of paranoia is appropriate. But I find the turf war since this was published to be unsightly. Why does Apple feel compelled to defend anything? Why do Apple advocates keep making accusations that Google is bad? (As if Google being bad automatically translates to Apple is good.)
The measured response would be to say, "Yup, security is hard. Really hard. Look even we sometimes make mistakes." Instead I'm only reading excuses that attempt to uphold a fiction that Apple devices are devoid of security flaws.
And if you think the people who work for Google are being petty by overstating an Apple 0-day, is being equally petty really the best response?