A new Apple software patch blocks a type of spyware known as "zero-click" that could infect iPhones and iPads.
Researchers discovered the flaw, which allows hackers to access devices through the iMessage service even when users do not click on a link or file.
Researchers say the problem affects all of the technology giant's operating systems.
Apple said in a statement it released the security update after “maliciously crafted” PDF files spread across the internet.
The Citizen Lab at the University of Toronto, which first raised the issue, had previously found zero-click spyware, but "This is the first instance where the exploit has been captured so that we can discover how it works," according to researcher Bill Marczak.
In addition to smartphones, Macs and Apple Watches are all affected by the previously unknown vulnerability, according to the researchers.
The security issue was also exploited to install spyware on a Saudi activist's iPhone, Citizen Lab said, adding that the Israeli hacker-for-hire group, NSO Group, was responsible for the attack.
NSO did not confirm or deny being behind the spyware, saying only that it would "continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight crime and terror".
Although the discovery is significant, most users of Apple devices should not be overly concerned, according to security experts because such attacks are usually highly targeted.
In a blog post, Apple explained that it issued the iOS 14.8 and iPadOS 14.8 patches after becoming aware of reports that the flaw "may have been actively exploited".
As the technology giant prepared to unveil new devices at its annual launch event on Tuesday, it made the announcement.
Apple is expected to unveil new iPhones and update its AirPods and Apple Watch.