If you own an Apple product, don’t skip the latest software update alert.

Apple issued the emergency software update to correct a major vulnerability that researchers say allowed click-free spyware from the Israeli technology firm NSO Group to infect iPhones, iPads, Apple Watches or MacBook Pro laptops.

According to the New York Times, the security team at Apple has been feverishly working to come up with a fix since the spyware was detected last week. Researchers with the cybersecurity watchdog group Citizen Lab at the University of Toronto had discovered that the iPhone of a Saudi activist had been infected with the spyware, which is called Pegasus.

The Times describes the software as being incredibly dangerous because the spyware can install itself on a phone without the owner even doing anything.

Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into a victim’s device without tipping the victim off.
Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record messages, texts, emails, calls — even those sent via encrypted messaging and phone apps like Signal — and send them back to NSO’s clients at governments around the world.

The researchers say the spyware uses iMessage to embed itself. It’s another signal that the chat apps that so many people use are being exploited by hackers for intelligence gathering.

NSO Group did not issue a comment regarding this episode, but the company is no stranger to controversy. While the company insists it only sells its spyware to governments that meet strict human rights standards, The Project Pegasus investigation by Amnesty International, Forbidden Stories, the Washington Post and 16 other news agencies found the Pegasus spyware has been used to target political dissidents, human rights activists and journalists in countries like Saudi Arabia, the United Arab Emirates and Mexico.