Mike Murray, vice president of security research at Lookout, said that his firm -- along with an allied cyber research group called Citizen Lab -- discovered the vulnerabilities dubbed Trident, which allow attackers to take full control of iPhones with a single click.
The Trident vulnerabilities were being exploited by a software package called "Pegasus," Murray said, noting that he believes the hacking software was being used by governments against high-value targets.
"It would appear that this software is sold all over the world, and it’s sold to governments who want to target whoever they feel is a high-value target," Murray told ABC News.
In a blog post on Lookout's website, the company claims that researchers found the exploit after being contacted by activist Ahmed Mansoor.
According to the post, Mansoor had received suspicious text messages on Aug. 10 and Aug. 11 encouraging him to click on links that would direct him to "secrets" about torture and abuse in jails in the United Arab Emirates.
“The examples that were caught by Citizen Lab were in the Middle East, but that doesn’t mean it is limited to that region," Murray told ABC News. "The code actually has intercept capability on software that’s used in many regions."
He noted that the software was able to intercept messages from people using any number of apps, including Gmail and WhatsApp, because of the sophistication of the attack.
Apple confirmed to ABC News that it had released an update to iOS users today in response to the discovery of the vulnerabilities.
Murray said they notified the tech giant of the problems on Aug. 15, and remarked that Apple acted with incredible speed to address the issues.
“For a company like Apple to turnaround a patch in 10 days it’s very impressive,” he said. “I know the folks at Apple have had some late nights."