评论
打印
Apple has rushed out a software patch for a string of iPhone security vulnerabilities which researchers say have been used by various governments around the world to eavesdrop on activists and journalists.
苹果(Apple)急匆匆地发布了一个修补iPhone一连串安全漏洞的软件补丁。研究人员表示,全球多个国家的政府已利用这些漏洞来对活动人士和新闻工作者实施监听。
The simultaneous exploitation of three flaws in Apple’s iOS software is highly unusual and marks a new level of sophistication in hacking techniques targeting smartphones.
对苹果iOS软件的三个漏洞同时加以利用是极不寻常的,这标志着以智能手机为攻击目标的黑客技术的先进程度已达到一个新的水平。
Thursday’s iOS update, which plugs all three holes, was issued a week and a half after Apple was contacted by researchers at Lookout, a San Francisco-based mobile security firm, and the University of Toronto’s Citizen Lab.
苹果周四发布的iOS更新修补了全部三个漏洞。一周半之前,旧金山移动安全公司Lookout和多伦多大学(University of Toronto)公民实验室(Citizen Lab)的研究人员就此问题联系了苹果。
The researchers were alerted to the attack by Ahmed Mansoor, a human-rights campaigner based in the United Arab Emirates, after he received a text message containing a link which, if he had clicked on it, would have given hackers almost total control of his iPhone 6.
这些研究人员是经阿联酋人权活动家艾哈迈德•曼苏尔(Ahmed Mansoor)提醒注意到这一攻击的。曼苏尔曾收到一条包含链接的短信,如果他点了那个链接,黑客就会获得对他的iPhone 6的几乎全部控制权。
An Israeli start-up called NSO Group, which sells its spyware only to governments, is believed to be behind the hacking tools used to target Mr Mansoor and others. Such tools can sell for as much as $1m. NSO did not respond to requests for comment.
这一用来瞄准曼苏尔等人的黑客工具,据信出自一家名为NSO Group的以色列创业型企业。该公司只面向政府销售其间谍软件。这类工具的售价可高达100万美元。NSO未回复记者的置评请求。
“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls,
“一旦被感染,曼苏尔的手机将成为他口袋中的一个数字间谍,能够调用他iPhone的摄像头和麦克风去窥探这部设备附近的活动,录下他WhatsApp和Viber的通话,
logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab wrote in a post on Thursday.
记录移动聊天应用发送的信息,追踪他的行踪。”公民实验室周四在一则公示上写道,
“We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find.”
“我们未注意到此前有过任何为发动定向攻击行动而在自然环境下遥控越狱iPhone的情况,所以这次发现很罕见。”
Both groups praised the speed of Apple’s response, although it is unclear how long the flaws existed before they were detected.
两家机构都赞扬了苹果的反应速度,尽管人们不清楚这些漏洞在被发现前已存在了多久。
“We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5,” Apple said. “We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits.”
“我们知道这一漏洞后立刻发布了iOS 9.3.5对其进行修复。”苹果表示,“我们建议所有用户总是下载最新版本的iOS,保护自己免受潜在的安全攻击。”
