Untold thousands of iPhone users have had their phones infected with spyware for as much as two years.

Cyber-security experts call it the worst-ever failure involving Apple products.

These issues tend to go over most of our heads — so we contacted Yasuo Ogawa — founder of Cowabunga! Computers — to help us understand the problem — but more importantly — how to fix it.

We first wanted to know — how can you tell if your iPhone is infected?

Ogawa says, “That’s really difficult … Right now, the Apple Corporation did put a fix out there for the exploitations that are going on. That was done in February. It’s been quietly rolled out with the new updates.”

Ogawa says this type of cyber-attack is called a “Zero Day” exploit. It sleeps until a pre-determined day — like one a couple years ago on Super Bowl Sunday.

This one activates on random days.

Ogawa says, “It exploited things like your contact list, your WhatsApp messages, text messages, photos, it really cloned out your phone. And I can tell you from personal experience, it’s happened to me.”

Ogawa says your banking information should be okay , “Because you’re authenticating against their server, but if you have like a notepad and you’re putting down security PINS or personal information on your phone, a lot of people put it under their contact list, these are things that you probably want to be a little bit more aware of.”

He says third-party password apps like LastPass, offer encryption and are affordable.

Infection happens when users visit websites.

“They can’t even identify the website, because a lot of times websites have third-party advertisers on them, and the third-party advertisers may be the ones infected.”

Authorities have yet to identify those responsible — but Ogawa says this type of hack is extremely expensive to carry out.

“It’s not your casual hacker that said, ‘Let’s do this,’ this is there’s a lot of speculation on the Internet about who’s behind it, but again it’s speculative so I really can’t mention it, but it’s probably at the state level.”

Meaning?

“There could be a country involved.”

Confirmation of the attack came from one of Apple’s phone-making rivals.

Ogawa says, “The ironic thing about this whole thing is, Google is the one that found this exploit. So, and Google is famous for giving away free software, so free sometimes wins.”

It’s unknown at this time whether the spyware targeted phones only in the U.S., or worldwide.

Apple released a new update this week addressing some security flaws.

Experts recommend keeping your phone up-to-date with all software improvements.