The attack on the dissident, Ahmed Mansoor, used a text message that invited him to click on a web link. Instead of clicking, he forwarded the message to researchers at the University of Toronto’s Citizen Lab.
Experts there worked with security company Lookout and determined that the link would have installed a program taking advantage of a flaw that Apple and others were not aware of. The researchers disclosed their findings on Thursday.
The researchers said that they had alerted Apple, which developed a fix and distributed it as an automatic update to iPhone 6 owners.
Apple spokesman Fred Sainz confirmed that the company had issued the patch after being contacted by researchers about the issue.
The Citizen Lab team attributed the attack software to a private seller of monitoring systems, NSO Group, an Israeli company that makes software for governments which can secretly target a user’s mobile phone and gather information from it. Such tools, known as remote exploits, cost as much as $1 million.
An attack on a fully patched, current-model iPhone 6 had not been detected before, though they had been considered possible for major governments, which generally have more surveillance resources at their disposal.
