Apple just released a statement about the iOS exploits that Google’s Project Zero found, to allay fears that customers may have.
Google’s blog post was about the technical aspects of the exploits. It didn’t give information on which websites had them. Apple says that the attacks were very focused, and not a broad attack on Apple customers. The websites in question had content related to the Uighur Muslim community.
Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe.
Second, Apple says the attacks lasted about two months, and not two years like Google suggested. Apple fixed the iOS vulnerabilities 10 days after they were reported.