BuzzFeed News World Correspondent

World

An Israeli company has been selling software to state governments that allows them to easily infiltrate an iPhone, according to a new report published Thursday.

[SUBBUZZ 9509532]SAN FRANCISCO — Apple rushed out a new security update for iPhones Thursday after it was revealed that an Israeli company had been selling and exploiting security vulnerabilities to Apple products. The Israeli NSO Group, a company so secretive it has <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group">repeatedly</a> changed its name to avoid notice, was selling software to state governments that was then used to infiltrate iPhones, gaining access to text messages, emails, contacts, and calls, according to a <a href="https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/">new report</a> released Thursday by researchers at Citizen Lab, an interdisciplinary group at the University of Toronto, and Lookout, a San Francisco mobile security company.The vulnerabilities, known as “zero days” because they were previously unknown to Apple, grant total access to an iPhone through a spear-phishing text message. Those text messages were designed to mimic the types of message a user might receive from a legitimate site, said the report. Among those impersonated to get users to click on the links: the Red Cross, Facebook, Google, and even the Pokémon Company. Once clicked, the message downloaded malware, which gave the attackers total access to the phone."We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5," Apple said in a statement provided to BuzzFeed News. "We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits."Lookout’s vice president of research, Mike Murray, <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group">told</a> Motherboard that NSO was “basically a cyber arms dealer,” and that the type of malware used by NSO had never been seen before. “We realized that we were looking at something that no one had ever seen in the wild before. Literally a click on a link to jailbreak an iPhone in one step,” Murray told Motherboard. “One of the most sophisticated pieces of cyber espionage software we’ve ever seen.”An NSO Group spokesperson did not answer a request for comment by BuzzFeed News. An NSO Group spokesman <a href="http://www.nytimes.com/2016/08/26/technology/apple-software-vulnerability-ios-patch.html?_r=0">told</a> the New York Times in an email, “The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations.”The malware used by NSO was discovered when Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, noticed a strange text message on the morning of Aug. 10. Mansoor, who had previously been a victim of government cyber-espionage with tools purchased for FinFisher and Hacking Team — companies that compete with NSO — was suspicious of the message and forwarded it to Citizen Lab.The report found that other NSO targets included activists and journalists in Yemen, Turkey, Mozambique, Mexico, Kenya, and the UAE. Zero days are often sold to private companies and governments eager to break into devices in backroom deals that can net millions of dollars. Flaws in Apple’s iOS system are rare; in one public sale last year, the cybersecurity company Zerodium bought a zero-day exploit for an iPhone for $1 million.

Une entreprise israélienne vend un logiciel aux gouvernements fédéraux qui leur permet de facilement infiltrer un iPhone, selon un nouveau rapport publié jeudi.

[INSERT 1] SAN FRANCISCO - Apple a lancé en catastrophe une nouvelle mise à jour de sécurité pour les iPhones jeudi, après avoir appris qu'une entreprise israélienne exploitait les failles de sécurité des produits Apple. L'entreprise israélienne NSO Group, entreprise si secrète qui a dû <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group"> à maintes reprises </a> changer de nom pour éviter de se faire remarquer, vendait un logiciel aux gouvernements fédéraux dont ils se servaient ensuite pour infiltrer les iPhones, permettant ainsi d'avoir accès aux sms, aux mails, aux contacts et aux appels, selon un <a href="https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/"> nouveau rapport </a> publié jeudi par des chercheurs du Citizen Lab, un groupe interdisciplinaire à l'université de Toronto, et de Lookout, une entreprise de sécurité mobile à San Francisco. Les failles, connues sous le nom de «zero- days», car elles étaient jusque là inconnues de Apple, permettent d'obtenir l'accès total à l'iPhone grâce à un harponnage par sms. Ces sms ont été conçus pour imiter les types de messages qu'un utilisateur pourrait recevoir de la part d'un site légitime, explique le rapport. Afin que les utilisateurs cliquent sur les liens, on leur envoie des imitations de messages qui auraient pu être envoyés par, entre autres, la Croix rouge, Facebook, Google et même la Pokémon Company. Un fois que l'on clique sur le liens, le message télécharge un programme malveillant, ce qui donne aux attaquants l'accès total au téléphone. «Nous avons été avertis de cette faille et nous l'avons immédiatement corrigée avec iOS 9.3.5.», a dit Apple dans une déclaration pour BuzzFeed News. «Nous conseillons à tous nos clients de toujours télécharger la dernière version d'iOS afin de se protéger contre les exploits de sécurité potentiels.»
 Le vice-président de la recherche de Lookout, Mike Murray, <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group"> a dit </a> à Motherboard que NSO était «en gros un trafiquant de cyber armes», et que le type de programme malveillant utilisé par NSO n'avait jamais été vu auparavant. «Nous nous sommes rendu compte que nous avions en face de nous quelque chose que personne n'avait jamais vu dans la pratique. Il fallait littéralement cliquer sur un lien pour débrider un iPhone en une seule étape», a dit Mike Murray à Motherboard . «L'un des logiciels de cyber espionnage les plus sophistiqués que nous ayons vus.» Un porte-parole de NSO Group n'a pas répondu à la demande de commentaires de BuzzFeed News. Un porte-parole de NSO Group <a href="http://www.nytimes.com/2016/08/26/technology/apple-software-vulnerability-ios-patch.html?_r=0"> a dit </a> dans un mail envoyé au New York Times : «L'entreprise vend seulement aux agences gouvernementales autorisées et est parfaitement conforme aux lois et aux réglementations strictes sur le contrôle des exportations.» Le programme malveillant utilisé par NSO a été découvert lorsque Ahmed Mansoor, militant des droits de l'homme de 46 ans des Émirats Arabes Unis, a remarqué un sms étrange le 10 août au matin. Ahmed Mansoor, qui avait été auparavant victime de cyber espionnage gouvernemental avec des outils achetés chez FinFisher et Hacking Team - des entreprises concurrençant NSO - a trouvé le message suspect et l'a fait suivre au Citizen Lab. Le rapport a découvert que d'autres cibles de NSO comprenaient des militants et des journalistes au Yémen, en Turquie, au Mozambique, au Mexique, au Kenya et aux Émirats Arabes Unis. Les zero-days sont souvent vendus aux entreprises privées et aux gouvernements désireux de s'introduire dans les appareils lors d'ententes secrètes pouvant rapporter des millions de dollars. Les failles dans le système iOS d'Apple sont rares; lors d'une vente publique l'année dernière, l'entreprise de cyber sécurité Zerodium a acheté un exploit zero-day pour un iPhone pour un million de dollars.

SAN FRANCISCO - Apple a lancé en catastrophe une nouvelle mise à jour de sécurité pour les iPhones jeudi, après avoir appris qu'une entreprise israélienne exploitait les failles de sécurité des produits Apple. L'entreprise israélienne NSO Group, entreprise si secrète qui a dû <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group"> à maintes reprises </a> changer de nom pour éviter de se faire remarquer, vendait un logiciel aux gouvernements fédéraux dont ils se servaient ensuite pour infiltrer les iPhones, permettant ainsi d'avoir accès aux sms, aux mails, aux contacts et aux appels, selon un <a href="https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/"> nouveau rapport </a> publié jeudi par des chercheurs du Citizen Lab, un groupe interdisciplinaire à l'université de Toronto, et de Lookout, une entreprise de sécurité mobile à San Francisco. Les failles, connues sous le nom de «zero- days», car elles étaient jusque là inconnues de Apple, permettent d'obtenir l'accès total à l'iPhone grâce à un harponnage par sms. Ces sms ont été conçus pour imiter les types de messages qu'un utilisateur pourrait recevoir de la part d'un site légitime, explique le rapport. Afin que les utilisateurs cliquent sur les liens, on leur envoie des imitations de messages qui auraient pu être envoyés par, entre autres, la Croix rouge, Facebook, Google et même la Pokémon Company. Un fois que l'on clique sur le liens, le message télécharge un programme malveillant, ce qui donne aux attaquants l'accès total au téléphone. «Nous avons été avertis de cette faille et nous l'avons immédiatement corrigée avec iOS 9.3.5.», a dit Apple dans une déclaration pour BuzzFeed News. «Nous conseillons à tous nos clients de toujours télécharger la dernière version d'iOS afin de se protéger contre les exploits de sécurité potentiels.»
 Le vice-président de la recherche de Lookout, Mike Murray, <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group"> a dit </a> à Motherboard que NSO était «en gros un trafiquant de cyber armes», et que le type de programme malveillant utilisé par NSO n'avait jamais été vu auparavant. «Nous nous sommes rendu compte que nous avions en face de nous quelque chose que personne n'avait jamais vu dans la pratique. Il fallait littéralement cliquer sur un lien pour débrider un iPhone en une seule étape», a dit Mike Murray à Motherboard . «L'un des logiciels de cyber espionnage les plus sophistiqués que nous ayons vus.» Un porte-parole de NSO Group n'a pas répondu à la demande de commentaires de BuzzFeed News. Un porte-parole de NSO Group <a href="http://www.nytimes.com/2016/08/26/technology/apple-software-vulnerability-ios-patch.html?_r=0"> a dit </a> dans un mail envoyé au New York Times : «L'entreprise vend seulement aux agences gouvernementales autorisées et est parfaitement conforme aux lois et aux réglementations strictes sur le contrôle des exportations.» Le programme malveillant utilisé par NSO a été découvert lorsque Ahmed Mansoor, militant des droits de l'homme de 46 ans des Émirats Arabes Unis, a remarqué un sms étrange le 10 août au matin. Ahmed Mansoor, qui avait été auparavant victime de cyber espionnage gouvernemental avec des outils achetés chez FinFisher et Hacking Team - des entreprises concurrençant NSO - a trouvé le message suspect et l'a fait suivre au Citizen Lab. Le rapport a découvert que d'autres cibles de NSO comprenaient des militants et des journalistes au Yémen, en Turquie, au Mozambique, au Mexique, au Kenya et aux Émirats Arabes Unis. Les zero-days sont souvent vendus aux entreprises privées et aux gouvernements désireux de s'introduire dans les appareils lors d'ententes secrètes pouvant rapporter des millions de dollars. Les failles dans le système iOS d'Apple sont rares; lors d'une vente publique l'année dernière, l'entreprise de cyber sécurité Zerodium a acheté un exploit zero-day pour un iPhone pour un million de dollars.

Votre iPhone est extrêmement vulnérable au piratage informatique, faites immédiatement la mise à jour

Your iPhone Is Super Vulnerable To Being Hacked So Update It Right This Second

SAN FRANCISCO — Apple rushed out a new security update for iPhones Thursday after it was revealed that an Israeli company had been selling and exploiting security vulnerabilities to Apple products. The Israeli NSO Group, a company so secretive it has <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group">repeatedly</a> changed its name to avoid notice, was selling software to state governments that was then used to infiltrate iPhones, gaining access to text messages, emails, contacts, and call, according to a <a href="https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/">new report</a> released Thursday by researchers at Citizen Lab, an interdisciplinary group at the University of Toronto, and Lookout, a San Francisco mobile security company.The vulnerabilities, known as “zero days” because they were previously unknown to Apple, grant total access to an iPhone through a spear-phishing text message. Those text messages were designed to mimic the types of message a user might receive from a legitimate site, said the report. Among those impersonated to get users to click on the links: the Red Cross, Facebook, Google, and even the Pokémon Company. Once clicked, the message downloaded malware, which gave the attackers total access to the phone."We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5," Apple said in a statement provided to BuzzFeed News. "We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits."Lookout’s vice president of research, Mike Murray, <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group">told</a> Motherboard that NSO was “basically a cyber arms dealer,” and that the type of malware used by NSO had never been seen before. “We realized that we were looking at something that no one had ever seen in the wild before. Literally a click on a link to jailbreak an iPhone in one step,” Murray told Motherboard. “One of the most sophisticated pieces of cyber espionage software we’ve ever seen.”An NSO Group spokesperson did not answer a request for comment by BuzzFeed News. An NSO Group spokesman <a href="http://www.nytimes.com/2016/08/26/technology/apple-software-vulnerability-ios-patch.html?_r=0">told</a> the New York Times in an email, “The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations.”The malware used by NSO was discovered when Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, noticed a strange text message on the morning of Aug. 10. Mansoor, who had previously been a victim of government cyber-espionage with tools purchased for FinFisher and Hacking Team — companies that compete with NSO — was suspicious of the message and forwarded it to Citizen Lab.The report found that other NSO targets included activists and journalists in Yemen, Turkey, Mozambique, Mexico, Kenya, and the UAE. Zero days are often sold to private companies and governments eager to break into devices in backroom deals that can net millions of dollars. Flaws in Apple’s iOS system are rare; in one public sale last year, the cybersecurity company Zerodium bought a zero-day exploit for an iPhone for $1 million.

Uma empresa israelense tem vendido um software para governos estaduais que lhes permite infiltrarem facilmente em um iPhone, de acordo com um novo relatório publicado quinta-feira.

[INSERT 1]SÃO FRANCISCO — A Apple adiantou uma nova atualização de segurança para iPhones quinta-feira depois que foi revelado que uma empresa israelense estava vendendo e explorando vulnerabilidades de segurança para os produtos da Apple. O Grupo NSO israelense, uma empresa tão secreta que tem <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group">repetidamente</a> mudado seu nome para evitar ser notada, estava vendendo software para governos estaduais que eram então usados para infiltrar em iPhones, ganhando acesso a mensagens de texto, e-mails, contatos e chamada, de acordo com um <a href="https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/">novo relatório</a> divulgado quinta-feira por pesquisadores do Citizen Lab, um grupo interdisciplinar da Universidade de Toronto, e pela Lookout, uma empresa de segurança móvel de São Francisco.As vulnerabilidades, conhecidas como "zero dias" porque eram anteriormente desconhecidas da Apple, concedem acesso total a um iPhone através de uma mensagem de texto do tipo "spear phishing". Essas mensagens de texto foram concebidas para imitar os tipos de mensagem que um usuário pode receber a partir de um site legítimo, disse o relatório. Entre aqueles imitados para fazer os usuários clicarem nos links: a Cruz Vermelha, Facebook, Google e até mesmo a Companhia Pokémon. Uma vez clicado, a mensagem baixava malwares que davam aos invasores total acesso ao telefone."Nós fomos alertados sobre essa vulnerabilidade e imediatamente a reparamos com o iOS 9.3.5", a Apple disse em uma declaração fornecida para o BuzzFeed News. "Aconselhamos todos os nossos clientes a sempre baixarem a versão mais recente do iOS para se protegerem contra possíveis falhas de segurança".O vice-presidente de pesquisa da Lookout, Mike Murray, <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group">disse</a> à Motherboard que o NSO era "basicamente um negociante cibernético de armas", e que o tipo de malware utilizado pelo NSO nunca tinha sido visto antes. “Nós percebemos que estávamos olhando para algo que ninguém nunca tinha visto antes. Literalmente um clique em um link para desbloquear um iPhone em um único passo", disse Murray à Motherboard. "Uma das peças mais sofisticadas de software de espionagem cibernética que já vimos".Um porta-voz do Grupo NSO não respondeu a um pedido de comentário pelo BuzzFeed News. Um porta-voz do Grupo NSO <a href="http://www.nytimes.com/2016/08/26/technology/apple-software-vulnerability-ios-patch.html?_r=0">disse</a> em um e-mail para o New York Times que "a empresa vende apenas para agências governamentais autorizadas, e em conformidade total com rígidas leis e regulamentos de controle de exportação".O malware usado pelo NSO foi descoberto quando Ahmed Mansoor, um ativista dos direitos humanos de 46 anos de idade dos Emirados Árabes Unidos, notou uma mensagem de texto estranha na manhã do dia 10 de agosto. Mansoor, que tinha anteriormente sido vítima de espionagem cibernética do governo com ferramentas compradas para a FinFisher e a Hacking Team — empresas que competem com o NSO —, suspeitou da mensagem e a enviou ao Citizen Lab.O relatório constatou que outros alvos do NSO incluíam ativistas e jornalistas no Iêmen, Turquia, Moçambique, México, Quênia e Emirados Árabes Unidos. Os zero dias são muitas vezes vendidos a empresas privadas e governos ansiosos em invadir dispositivos em negócios de bastidores que podem render milhões de dólares. Falhas no sistema iOS da Apple são raras; em uma venda pública no ano passado, a empresa de segurança cibernética Zerodium comprou um explorador do zero dias para um iPhone por US$ 1 milhão.

SÃO FRANCISCO — A Apple adiantou uma nova atualização de segurança para iPhones quinta-feira depois que foi revelado que uma empresa israelense estava vendendo e explorando vulnerabilidades de segurança para os produtos da Apple. O Grupo NSO israelense, uma empresa tão secreta que tem <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group">repetidamente</a> mudado seu nome para evitar ser notada, estava vendendo software para governos estaduais que eram então usados para infiltrar em iPhones, ganhando acesso a mensagens de texto, e-mails, contatos e chamada, de acordo com um <a href="https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/">novo relatório</a> divulgado quinta-feira por pesquisadores do Citizen Lab, um grupo interdisciplinar da Universidade de Toronto, e pela Lookout, uma empresa de segurança móvel de São Francisco.As vulnerabilidades, conhecidas como "zero dias" porque eram anteriormente desconhecidas da Apple, concedem acesso total a um iPhone através de uma mensagem de texto do tipo "spear phishing". Essas mensagens de texto foram concebidas para imitar os tipos de mensagem que um usuário pode receber a partir de um site legítimo, disse o relatório. Entre aqueles imitados para fazer os usuários clicarem nos links: a Cruz Vermelha, Facebook, Google e até mesmo a Companhia Pokémon. Uma vez clicado, a mensagem baixava malwares que davam aos invasores total acesso ao telefone."Nós fomos alertados sobre essa vulnerabilidade e imediatamente a reparamos com o iOS 9.3.5", a Apple disse em uma declaração fornecida para o BuzzFeed News. "Aconselhamos todos os nossos clientes a sempre baixarem a versão mais recente do iOS para se protegerem contra possíveis falhas de segurança".O vice-presidente de pesquisa da Lookout, Mike Murray, <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group">disse</a> à Motherboard que o NSO era "basicamente um negociante cibernético de armas", e que o tipo de malware utilizado pelo NSO nunca tinha sido visto antes. “Nós percebemos que estávamos olhando para algo que ninguém nunca tinha visto antes. Literalmente um clique em um link para desbloquear um iPhone em um único passo", disse Murray à Motherboard. "Uma das peças mais sofisticadas de software de espionagem cibernética que já vimos".Um porta-voz do Grupo NSO não respondeu a um pedido de comentário pelo BuzzFeed News. Um porta-voz do Grupo NSO <a href="http://www.nytimes.com/2016/08/26/technology/apple-software-vulnerability-ios-patch.html?_r=0">disse</a> em um e-mail para o New York Times que "a empresa vende apenas para agências governamentais autorizadas, e em conformidade total com rígidas leis e regulamentos de controle de exportação".O malware usado pelo NSO foi descoberto quando Ahmed Mansoor, um ativista dos direitos humanos de 46 anos de idade dos Emirados Árabes Unidos, notou uma mensagem de texto estranha na manhã do dia 10 de agosto. Mansoor, que tinha anteriormente sido vítima de espionagem cibernética do governo com ferramentas compradas para a FinFisher e a Hacking Team — empresas que competem com o NSO —, suspeitou da mensagem e a enviou ao Citizen Lab.O relatório constatou que outros alvos do NSO incluíam ativistas e jornalistas no Iêmen, Turquia, Moçambique, México, Quênia e Emirados Árabes Unidos. Os zero dias são muitas vezes vendidos a empresas privadas e governos ansiosos em invadir dispositivos em negócios de bastidores que podem render milhões de dólares. Falhas no sistema iOS da Apple são raras; em uma venda pública no ano passado, a empresa de segurança cibernética Zerodium comprou um explorador do zero dias para um iPhone por US$ 1 milhão.

Seu iPhone está supervulnerável de ser hackeado, então atualize-o neste exato momento

SAN FRANCISCO — Apple rushed out a new security update for iPhones Thursday after it was revealed that an Israeli company had been selling and exploiting security vulnerabilities to Apple products. The Israeli NSO Group, a company so secretive it has <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group">repeatedly</a> changed its name to avoid notice, was selling software to state governments that was then used to infiltrate iPhones, gaining access to text messages, emails, contacts and call, according to a <a href="https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/">new report</a> released Thursday by researchers at Citizen Lab, an interdisciplinary group at the University of Toronto, and Lookout, a San Francisco mobile security company.The vulnerabilities, known as “zero days” because they were previously unknown to Apple, grant total access to an iPhone through a spear-phishing text message. Those text messages were designed to mimic the types of message a user might receive from a legitimate site, said the report. Among those impersonated to get users to click on the links: the Red Cross, Facebook, Google and even the Pokemon Company. Once clicked, the message downloaded malware which gave the attackers total access to the phone."We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5," Apple said in a statement provided to BuzzFeed News. "We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits."Lookout’s vice president of research Mike Murray <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group">told</a> Motherboard that NSO was “basically a cyber arms dealer,” and that the type of malware used by NSO had never been seen before. “We realized that we were looking at something that no one had ever seen in the wild before. Literally a click on a link to jailbreak an iPhone in one step,” Murray told Motherboard. “One of the most sophisticated pieces of cyber espionage software we’ve ever seen.”An NSO Group spokesman did not answer a request for comment by BuzzFeed News. An NSO Group spokesman <a href="http://www.nytimes.com/2016/08/26/technology/apple-software-vulnerability-ios-patch.html?_r=0">said</a> in an email to the New York Times that, “The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations.”The malware used by NSO was discovered when Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, noticed a strange text message on the morning of August 10. Mansoor, who had previously been a victim of government cyber espionage with tools purchased for FinFisher and Hacking Team — companies that compete with NSO — was suspicious of the message and forwarded it to Citizen Lab.The report found that other NSO targets included activists and journalists in Yemen, Turkey, Mozambique, Mexico, Kenya, and the UAE. Zero days are often sold to private companies and governments eager to break into devices in back-room deals that can net millions of dollars. Flaws in Apple’s iOS system are rare; in one public sale last year, the cybersecurity company Zerodium bought a zero-day exploit for an iPhone for $1 million.

[INSERT 1]SAN FRANCISCO — Apple rushed out a new security update for iPhones Thursday after it was revealed that an Israeli company had been selling and exploiting security vulnerabilities to Apple products. The Israeli NSO Group, a company so secretive it has <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group" target="_blank">repeatedly</a> changed its name to avoid notice, was selling software to state governments that was then used to infiltrate iPhones, gaining access to text messages, emails, contacts, and calls, according to a <a href="https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/" target="_blank">new report</a> released Thursday by researchers at Citizen Lab, an interdisciplinary group at the University of Toronto, and Lookout, a San Francisco mobile security company.The vulnerabilities, known as “zero days” because they were previously unknown to Apple, grant total access to an iPhone through a spear-phishing text message. Those text messages were designed to mimic the types of message a user might receive from a legitimate site, said the report. Among those impersonated to get users to click on the links: the Red Cross, Facebook, Google, and even the <a href="https://www.buzzfeed.com/sepidehzolfaghari/best-cartoon-theme-songs-ranked">Pokémon</a> Company. Once clicked, the message downloaded malware, which gave the attackers total access to the phone."We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5," Apple said in a statement provided to BuzzFeed News. "We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits."Lookout’s vice president of research, Mike Murray, <a href="https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group" target="_blank">told</a> Motherboard that NSO was “basically a cyber arms dealer,” and that the type of malware used by NSO had never been seen before. “We realized that we were looking at something that no one had ever seen in the wild before. Literally a click on a link to jailbreak an iPhone in one step,” Murray told Motherboard. “One of the most sophisticated pieces of cyber espionage software we’ve ever seen.”An NSO Group spokesperson did not answer a request for comment by BuzzFeed News. An NSO Group spokesman <a href="http://www.nytimes.com/2016/08/26/technology/apple-software-vulnerability-ios-patch.html?_r=0" target="_blank">told</a> the New York Times in an email, “The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations.”The malware used by NSO was discovered when Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, noticed a strange text message on the morning of Aug. 10. Mansoor, who had previously been a victim of government cyber-espionage with tools purchased for FinFisher and Hacking Team — companies that compete with NSO — was suspicious of the message and forwarded it to Citizen Lab.The report found that other NSO targets included activists and journalists in Yemen, Turkey, Mozambique, Mexico, Kenya, and the UAE. Zero days are often sold to private companies and governments eager to break into devices in backroom deals that can net millions of dollars. Flaws in Apple’s iOS system are rare; in one public sale last year, the cybersecurity company Zerodium bought a zero-day exploit for an iPhone for $1 million.

News

Une entreprise israélienne vend à des gouvernements un logiciel qui leur permet de facilement infiltrer un iPhone, selon un nouveau rapport publié jeudi.

Mettez tout de suite votre iPhone à jour, une grosse faille de sécurité a été découverte

BuzzFeed

Relatório revelou que empresa israelense está vendendo a governos um software que permite monitorar iPhones.

Seu iPhone está supervulnerável a hackers, então atualize-o agora mesmo

BuzzFeed Staff

イスラエルの会社がiPhoneに侵入可能なソフトを売っていたという報告。

iPhoneに重大な脆弱性　記事を読んだら、すぐにアップデートを！

About BuzzFeed Community

Community Brand Guidelines

BuzzFeed Community

Sorry, this content is no longer supported.

BuzzFeed Community Guidelines

BuzzFeed Community Leaderboard

BuzzFeed News has breaking stories and original reporting on politics, world news, social media, viral trends, health, science, technology, entertainment, and LGBTQ issues.

All the best animals on the internet. The snuggle is real.

BuzzFeed has breaking news, vital journalism, quizzes, videos, celeb news, Tasty food videos, recipes, DIY hacks, and all the trending buzz you’ll want to share with your friends. Copyright BuzzFeed, Inc. All rights reserved.

BuzzFeed News | Breaking News | Original Reporting | News Analysis

Animal Pictures and Videos - Adorably from BuzzFeed

Name

Thanks for subscribing!

Stay up to date with our latest BuzzFeed video. Enter your email to subscribe!

Oops! Upload an image or add text to submit.

BuzzFeed has the hottest, most social content on the web. We feature breaking buzz and the kinds of things you'd want to pass along to your friends.