One of the world’s most evasive digital arms dealers is believed to have been taking advantage of three security vulnerabilities in popular Apple products in its efforts to spy on dissidents and journalists.据信，一家归属于全球渗透性最弱之列的数字武器交易商，仍然在利用热卖的苹果(Apple)产品中的三个安全漏洞，来监控异议人士人士和新闻工作者。Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target’s mobile phone, was responsible for the intrusions.调查人员找到，这个取名为NSO集团(NSO Group)的以色列公司对多起侵略事件负有责任。The NSO Group’s software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user.该公司销售的软件需要在无形中跟踪目标的移动电话、加载短信和电子邮件、跟踪通话和联系人信息，甚至还能记录声音、搜集密码并跟踪手机用户的行踪。

In response, Apple on Thursday released a patched version of its mobile software, iOS 9.3.5. Users can get the patch through a normal software update.作为对此，苹果周四公布了经过修缮的移动软件版本iOS 9.3.5。用户可通过长时间的软件升级提供补丁。Apple fixed the holes 10 days after a tip from two researchers, Bill Marczak and John Scott Railton, at Citizen Lab at the University of Toronto’s Munk School of Global Affairs, and Lookout, a San Francisco mobile security company.在接到来自多伦多大学(University of Toronto)蒙克全球事务学院(Munk School of Global Affairs)“公民实验室”(Citizen Lab)的研究人员比尔马尔切克(Bill Marczak)和约翰斯科特雷尔顿(John Scott Railton)，以及旧金山移动安全性公司Lookout的警告十天后，苹果修缮了涉及漏洞。

“We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits,” said Fred Sainz, a company spokesman.“我们建议全体顾客坚决iTunes近期版本的iOS，以维护自己靠近潜在的安全漏洞，”苹果公司的发言人弗雷德赛恩斯(Fred Sainz)说道。In interviews and manuals, the NSO Group’s executives have long boasted that their spyware worked like a “ghost,” tracking the moves and keystrokes of its targets, without leaving a trace. But until this month, it was not clear how exactly the group was monitoring its targets, or who exactly it was monitoring.在专访和产品使用手册中，NSO集团的高管长年炫耀道，他们的间谍软件工作时就像“幽灵”一样，在跟踪目标的动作和按键时，会留给一丝痕迹。

但在本月之前，外界并不知道该集团到底是如何监控目标的，也不告诉它究竟在监控谁。A clearer picture began to emerge on Aug. 10, when Ahmed Mansoor, a prominent human rights activist in the United Arab Emirates, who has been tracked by surveillance software several times, began receiving suspicious text messages. The messages purported to contain information about the torture of U.A.E. citizens.8月10日，当多次被监控软件追踪的阿拉伯联合酋长国知名人权活动人士艾哈迈德曼苏尔(Ahmed Mansoor)开始接到怀疑短信时，更加明晰的画面开始显露。那些短信声称包括有关阿联酋公民被刑讯逼供的信息。

Mr. Mansoor passed the messages to researchers at the Citizen Lab, who confirmed they were an attempt to track him through his iPhone.曼苏尔把短信转交了“公民实验室”的研究人员。后者证实，有人企图通过他的手机追踪他。This latest effort was far more sophisticated than what was found aimed at his devices before. The researchers found it was connecting to 200 servers, several of them registered to the NSO Group. Strewn throughout the spyware code were references to Pegasus, the name of an NSO Group spyware product.近期这次行动，远比以前找到的针对曼苏尔的设备所采行的行动更加简单。研究人员找到，它和200台服务器连接，其中几台注册在NSO集团的名下。

间谍软件代码中多次提及Pegasus，这是NSO集团一款监控软件产品的名字。Citizen Lab brought in Lookout to help examine the code. Together, they discovered that the spyware relied on three previously unknown iOS vulnerabilities — called “zero days” because Apple didn’t know about them and had zero days to patch them.“公民实验室”请求Lookout来帮助研究这些代码。他们在合作中找到，这款间谍软件倚赖之前不为人知的三个iOS安全漏洞。

它们被叫作“零日”(zero days)，因为苹果不告诉它们，没有花上哪怕一天时间去修缮它们。

本文来源：开云-www.sdhrhbkj.com