(CNN Business)Apple has updated its software for iPhones to address a critical vulnerability that independent researchers say has been exploited by notorious surveillance software to spy on a Saudi activist.
Researchers from the University of Toronto’s Citizen Lab said the software exploit has been in use since February and has been used to deploy Pegasus, the spyware made by Israeli firm NSO Group that has allegedly been used to surveil journalists and human rights advocates in multiple countries.
The urgent update that Apple (AAPL) released Monday plugs a hole in the iMessage software that allowed hackers to infiltrate a user’s phone without the user clicking on any links, according to Citizen Lab. The Saudi activist chose to remain anonymous, Citizen Lab said.
Apple credited the Citizen Lab researchers for finding the vulnerability, but an Apple spokesman declined further comment.
NSO Group did not immediately respond to a request for comment on the research. The firm has said its software is only sold to vetted customers for counterterrorism and law enforcement purposes.
Researchers, however, say they have found multiple cases in which the spyware was deployed on dissidents or journalists. In 2019, Citizen Lab analysts alleged that Pegasus was used on the mobile phone of the wife of a slain Mexican journalist.