An Israeli cybersecurity firm can break into Apple iPhones without user interaction, a technique never seen before, according to the internet watchdog group Citizen Lab on Monday.
Apple said it fixed the vulnerability on Monday with its latest update and the overwhelming majority of users were now protected.
The company's head of security engineering and design said in a statement, "After identifying the vulnerability used by this exploit for iMessage, Apple rapidly deployed a fix in iOS 14.8 to protect our users.”
Citizen Lab said it found the malware on a Saudi activist phone and it had been there since February.
It’s unknown how many other users may have been infected.
The hack exploits iMessage and its auto image rendering.
Targets would not have to click on anything for the attack to work and researchers say there may not even be a visible sign that it happened.
The U.S. Cybersecurity and Infrastructure Security Agency had no immediate comment.
A record number of new attack methods have been unveiled this year, which can each be sold for over $1 million.
The attacks are sometimes known as “zero-day” because software companies have zero notice of it happening.
The White House has said it’s now focused on cybersecurity issues in response to the explosion of recent hacks.