Researchers from the University of Toronto’s Citizen Lab said the software exploit has been in use since February and has been used to deploy Pegasus, the spyware made by Israeli firm NSO Group that has allegedly been used to surveil journalists and human rights advocates in multiple countries.
Apple credited the Citizen Lab researchers for finding the vulnerability.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement.
Krstić said Apple rapidly addressed the issue with a software fix and that the vulnerability is “not a threat to the overwhelming majority of our users.”
Still, security experts encouraged users to update their mobile devices for protection.
In a statement, NSO Group did not address the allegations, only saying, “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime.”
The firm has previously said its software is only sold to vetted customers for counterterrorism and law enforcement purposes.
Researchers, however, say they have found multiple cases in which the spyware was deployed on dissidents or journalists. In 2019, Citizen Lab analysts alleged that Pegasus was used on the mobile phone of the wife of a slain Mexican journalist.