Apple has fixed a vulnerability that affects all versions of its iOS, OSX and watchOS operating systems, and was first flagged in mid-July.
Israeli cyber surveillance company NSO Group is believed to have used the never-before-seen technique since at least February, internet security watchdog group Citizen Lab said.
It affects "all iPhones with iOS versions prior to 14.8; all Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina; and all Apple Watches prior to watchOS 7.6.2."
The vulnerability exploited by the Israeli surveillace firm, NSO Group, defeats security systems designed by Apple in recent years.
Apple said it fixed the vulnerability in now-released software update, confirming Citizen Lab's finding.
However, an Apple spokesperson declined to comment regarding whether the hacking technique came from NSO Group.
Citizen Lab said it found the malware on the phone of an unnamed Saudi activist, which had been infected with spyware in February. It is unknown how many other users may have been infected.
The vulnerability comes from a flaw in how iMessage automatically renders images.
iMessage has been repeatedly targeted by NSO, as well as other cyber arms dealers, prompting Apple to update its architecture. But that upgrade has not fully protected the system.
The vulnerability has been codenamed 'FORCEDENTRY' and is officially known as CVE-2021-30860.
Apple described the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.”
The US Cybersecurity and Infrastructure Security Agency had no immediate comment.