苹果手机现安全漏洞
导读:近日,有机构在苹果iOS系统中发现了一个漏洞,通过点击链接,黑客可以在用户设备中安装间谍软件。
The discovery was made after a human rights lawyer alerted security researchers to unsolicited text messages he had received.
该漏洞发现的起因我一名人权律师向安全研究人员报告,说他收到了来路不明的短信。
They discovered three previously unknown flaws within Apple’s code.
安全研究人员在苹果的代码中发现了三个之前没有查明的漏洞。
Apple has since released a software update that addresses the problem.
自该问题被爆出后,苹果已经发布了一份软件更新来解决这个问题。
The two security firms involved, Citizen Lab and Lookout, said they had held back details of the discovery until the fix had been issued.
据发现漏洞的两家安全公司“公民实验室”和“瞭望台”表示说,在苹果发布修复补丁之前他们一直保守着发现的细节没有泄密。
Rare attack
罕见的攻击。
The lawyer, Ahmed Mansoor, received the text messages on 10 and 11 August.
涉事律师阿姆哈德·曼苏尔分别在8月10日和11日收到了不明短信。
The texts promised to reveal "secrets" about people allegedly being tortured in the United Arab Emirates (UAE)’s jails if he tapped the links.
这些短信保证说,如果曼苏尔点击链接,就可以知道关押在阿联酋监狱中的人被折磨的“秘密”。
Had he done so, Citizen Lab says, his iPhone 6 would have been "jailbroken", meaning unauthorised software could have been installed.
公民实验室的人表示说,如果曼苏尔这样做了的话,他的iPhone 6就会被“越狱”,意味着未经授权的软件可以安装在他的手机中。
"once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements," said Citizen Lab.
公民实验室表示说:“一旦被感染病毒,曼苏尔的手机就会变成一个装在他口袋里的电子间谍,可以用iPhone的摄像头和麦克风来窥探发生在设备周围的活动,记录下他的WhatsApp和Viber calls,获取手机聊天软件发送的信息,并且跟踪他的行动。”
"We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find."
“这个发现很罕见,因为在以前的针对性攻击活动中,从来没有远程越狱iPhone的实例。”
The researchers say they believe the spyware involved was created by NSO Group, an Israeli "cyber-war" company.
研究人员们表示说,他们认为本案的间谍软件是由以色列“网络战争”公司NSO集体开发的。
"[It is] the most sophisticated spyware package we’ve seen," said Lookout.
瞭望台表示说:“这是我们见过的最精密的间谍软件包。”
"It takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile - always connected (wi-fi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists."
“它利用了手机在我们生活中被密集使用这一特性、以及只有在手机上才有的特征组合--经常连接(wifi,3G/4G网络)、语音通信、相机、电子邮件、短信、GPS、密码和联系人列表。
NSO has issued a statement acknowledging that it makes technology used to "combat terror and crime" but said it had no knowledge of any particular incidents and made no reference to the specific spyware involved.
NSO已经发表了一份声明,承认他们用技术来“打击恐怖和犯罪”,但是也表示说他们不知晓任何特定事件,也没有参与到任何特别的间谍软件中来。
"These are rather rare zero-day flaws," commented security expert Prof Alan Woodward, referring to the technical name for previously unknown vulnerabilities.
安全专家艾伦教授评论说道:“这些是非常罕见的‘零日’漏洞(指以前不被人所知的漏洞的技术名)”。
"To have several found at once is even rarer. As can be seen from how these have been exploited to date, it represents a serious threat to the security and privacy of iOS users.
“一次发现的漏洞有这么多就更加罕见了。从这些漏洞一直被利用直到现在才被发现这件事看来,iOS系统用户的安全和隐私受到了严重的威胁。”
"Apple has been remarkably responsive in providing fixes for these issues, so I would encourage any iOS users to update to the latest version of the operating system."
“苹果公司在为这些漏洞提供修复补丁一事上反应得非常迅速,因此我建议所有iOS用户都更新成最新版本的操作系统。”
