An Israeli cybersecurity firm has been exploiting a significant Apple Inc. software vulnerability since February to silently infect iPhones using iMessage, the company’s messaging software, according to the research group that discovered the issue.
On Monday, Apple supplied a critical security update fixing the flaw, but the vulnerability had been used in attacks by Israel’s NSO Group, according to Citizen Lab. Citizen Lab is an academic research group that investigates cyberattacks on journalists and dissidents.
“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” Apple said in a statement. “We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.”