Hack allows governments, mercenaries and criminals to secretly break into a victim’s device without tipping them off

Apple on Monday issued emergency software updates for a critical vulnerability in its products, after security researchers uncovered a flaw that allows spyware from Israel’s NSO Group to infect anyone’s iPhone, Apple Watch or Mac computer without so much as a click, the New York Times reported.

Apple’s security team has been working to develop a fix since Tuesday, after researchers at the University of Toronto discovered that a Saudi activist’s iPhone had been infected with spyware from NSO Group.

The spyware, called Pegasus, invisibly infects an Apple device without the victim’s knowledge for as long as six months. Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it lets hackers secretly break into a victim’s device without tipping them off.

Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record their messages, texts, emails, calls — even those sent via encrypted messaging and phone apps like Signal — and send it back to NSO’s clients at governments around the world.

© Copyright LaPresse