Do you own an iPhone? Update it right now.
Apple has released an emergency software patch after researchers uncovered a security flaw that could allow hackers to secretly install spyware on your Apple devices even if you do nothing, not even click on a link.
The spyware can then eavesdrop or steal data from your device. All of Apple’s operating systems, including those for iPads, Macs and Apple Watches, are vulnerable.
The University of Toronto’s Citizen Lab said the “zero-click” flaw allowed Pegasus spyware from Israeli hacker-for-hire firm, NSO Group, to infect the iPhone of a Saudi activist by sending an image file via iMessage. The activist asked to remain anonymous.
►iOS 15 is coming soon:Here’s what we know about the iPhone’s upcoming update
NSO Group did not immediately respond to an email seeking comment.
An NSO spokesperson told Vice that “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime.”
NSO Group licenses its Pegasus spyware tool to government agencies and police forces to investigate major crimes. According to reports from Citizen Lab and Amnesty International, it has also been used to target human rights activists, journalists and political dissidents.
Apple issued a patch aimed at fixing the security flaw Monday but did not mention NSO Group.
While it’s unlikely that hackers will target average users, any Apple device is vulnerable and the iOS update is recommended for everyone.