Security researchers said an Israeli “cyber war” company exploited three previously unknown bugs in Apple’s smartphone software, enabling devices to be used to spy on users.

The hack, uncovered by experts at the University of Toronto’s Citizen Lab and Lookout Security, was conducted by NSO Group Technologies, an Israeli start-up which sells products to government agencies for law enforcement.

The breach was discovered after a UAE citizen’s iPhone was targeted through a text message inviting him to click on a web link. Instead of clicking, Ahmed Mansoor, a human rights activist, forwarded the message to the researchers at the lab.

Citizen Lab experts said once the phone was infected, using a software called Pegasus, it would become a “digital spy in his pocket”, capable of using the phone’s camera and microphone to snoop on activity, as well as recording WhatsApp and Viber calls, logging messages sent in chat apps, and tracking his movements.

The hack is reportedly one of the first known cases where an iPhone 6 is fully taken over remotely.

Citizen Lab said it informed Apple a week and a half ago about the breach, but held back on revealing its findings until it was fixed.

Apple released a statement saying it had solved the issue, which was distributed as an automatic update to those using the iPhone 6.

“The attack on Mansoor is further evidence that lawful intercept spyware has significant abuse potential, and that some governments cannot resist the temptation to use such tools against political opponents, journalists and human rights defenders,” read Citizen Lab’s report.