A security researcher who says he helped create an anti-spyware application for Apple’s iPhone has claimed that the software was actually a trojan.
The company has yet to respond to a request for comment.
“I’ve been told by several Apple employees that this is the product that was used in the attack,” the researcher wrote on his blog on Friday.
“Apple doesn’t really do anything but let these kinds of things happen to people,” he added.
“It seems like they don’t care if they are doing something wrong, or if it’s even an issue.”
The researcher said he found the software’s vulnerability to the trojan in an analysis of the Apple’s iOS application.
“If you know what you are doing, and you are following the right guidelines and you have an understanding of how the tools are set up, you should be able to do it,” he wrote.
The researcher was one of several who reported the security flaw to Apple in November 2015.
Apple has so far not publicly acknowledged the flaw, but it has confirmed that it used the software in a series of attacks on iOS devices.
The research suggests that Apple’s anti-malware tool, AppleCare, could be vulnerable to attacks, too.
The vulnerability could allow a malicious app to get access to the iPhone’s personal information, including the user’s password.
“We’ve found that AppleCare does not protect you from this particular attack,” Apple said in a statement to Reuters on Friday morning.
“There is a bug in AppleCare that allows a malicious application to get in to your device, allowing it to steal sensitive information.”
Affected iPhone versions are currently known to be the 5s, 5c, 5s Plus, 5, 5C, and 5C Plus.