Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.

WhatsApp, which is owned by Facebook, said the attack targeted a “select number” of users, and was composed by “an advanced cyber actor”.

A fix was rolled out on Friday.

On Monday WhatsApp urged all of its 1.5bn users to update their apps as an added precaution.

The attack, discovered earlier this month, was first reported in the Financial Times.

It involved attackers using WhatsApp’s voice calling function to ring a target’s device.

Even if the call was not picked up, the surveillance software would be installed, and, the FT reported, the call would often disappear from the device’s call log.

The BBC understands WhatsApp’s security team was the first to identify the flaw, and shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.