Urgent warning for Apple users over 'zero-click' malware which can infect devices

Citizen Lab said the phone had been infected with spyware in February and at the moment it is not clear how many other users may have been infected.

Researcher Bill Marczak said there was high confidence that Israeli surveillance firm NSO Group was behind the attack.

Experts said the average user should not be too concerned as similar attacks tend to be highly targeted, but the security issue was alarming.

Mr Marczak said the malicious files were put on the Saudi activist's phone via the iMessage app before the phone was hacked with NSO's Pegasus spyware.

The way the attack happened meant that the phone was able to spy on its user, without them even knowing.

Citizen Lab researcher John Scott-Railton said: "Popular chat apps are at risk of becoming the soft underbelly of device security. Securing them should be top priority."

Apple has since released an update for users, with a security note for iOS 14.8 and iPadOS 14.8 saying: "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."

It also released WatchOS 7.6.2, MacOS Big Sur 11.6 as well as a security update for MacOS Catalina to address the vulnerability, the Irish Mirror reports.

Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement: "After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users.

"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals."

He added: "While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data."