A flaw in Apple's software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company.

QuaDream is a smaller and lower profile Israeli firm that also develops smartphone hacking tools intended for government clients. Apparently, it gained the same ability last year to remotely break into iPhones meaning that both firms could compromise Apple phones without an owner needing to open a malicious link.

That two firms employed the same sophisticated hacking technique -- known as a "zero-click" -- shows that iPhones are more vulnerable to powerful digital spying tools than the Tame Apple Press will admit.

Cordyceps Systems partner Dave Aitel told Reuters "People want to believe they're secure, and phone companies want you to believe they're secure. What we've learned is, they're not."

Experts analysing intrusions engineered by NSO Group and QuaDream since last year believe the two companies used very similar software exploits, known as ForcedEntry, to hijack iPhones.