Flaws in Apple’s iOS operating system have been discovered that made it possible to install spyware on a target’s device merely by getting them to click on a link.
The discovery was made after a human rights lawyer alerted security researchers to unsolicited text messages he had received.
They discovered three previously unknown flaws within Apple’s code.
Apple has since released a software update that addresses the problem.
The two security firms involved, Citizen Lab and Lookout, said they had held back details of the discovery until the fix had been issued.
The lawyer, Ahmed Mansoor, received the text messages on 10 and 11 August.
The texts promised to reveal “secrets” about people allegedly being tortured in the United Arab Emirates (UAE)’s jails if he tapped the links.
Had he done so, Citizen Lab says, his iPhone 6 would have been “jailbroken”, meaning unauthorised software could have been installed.
“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” said Citizen Lab.
“We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find.”
The researchers say they believe the spyware involved was created by NSO Group, an Israeli “cyber-war” company.