Whether all your electronic devices are Apple or you only own an iPhone, now is NOT the time to ignore those update notifications.

Several independent researchers have found that an infamous Israeli spyware firm known as NSO Group, have developed a tool that can take control of nearly any major Apple device, such as Macs, iPhones and Apple watches, without you even noticing.

Researchers at the University of Toronto’s Citizen Lab, alerted the company to the problem after they analysed an undisclosed Saudi Activist’s phone, which they found to be infected with NSO’s pegasus spyware.

This spyware can give someone complete access to your phone, even if they are hundreds of miles away. But the most nefarious thing is the way it does it. Experts call this type of attack a Zero-Click Exploit. It’s called this because it doesn’t need the user to click on any link or download any file to allow the attacker to take over the device. The spyware uses a flaw in the iMessage app, to allow the attacker to hack the device.

The attacks initially came to light in August; unfortunately, Apple was only able to make a fix for it now. This is because the company was initially working with only partial information, until September 7, when Citizen Lab found out more details from the phone of the activist we mentioned earlier. Apple pushed fixes for the hack on September 13. 

Bill Marczak, a Citizen Lab Senior Research fellow, has said that although they had found evidence of the Zero-Click Exploits being used in phones of journalists and other targets, “this is the first one where the exploit has been captured, so we can find out how it works.”

Apple’s head of security and engineering Ivan Krstic thanked Citizen Lab for identifying the security flaw. Said Krstic, “attacks like the ones described are highly sophisticated, take millions of dollars to develop, usually work for only a short time, and are generally used to target specific individuals. While that means they are not a threat to most of our users, we will continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

Apple has said that it will introduce new security defenses for iMessage in the iOS 15 update, which is scheduled for release later this year.

NSO meanwhile released a statement to the Reuters news agency, neither confirming nor denying whether they were behind the spyware. Instead they said that they would, “continue to provide intelligence to law enforcement agencies all around the world to fight terror and crime".

Unfortunately, it is not just Apple products, but other OS users (such as Android and Windows) can also fall under the attack of this hack. Citizen Lab researcher John Scott-Railton said, “Popular chat apps are at risk of becoming the soft underbelly of device security. Securing them should be top priority.”

Microsoft disclosed that some malicious spyware were actively exploiting a similar vulnerability in Windows. Said the company “Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.” Infected Office files allow hackers access to your machine and they can then execute commands remotely.

Chrome isn’t safe either. Google has pushed updates for vulnerabilities in the browser recently too.

So what’s the takeaway from this? It’s simple actually, do your best to update your devices on a regular basis and stay vigilant of any suspicious files or links.

Keep yourselves safe, dostoon. Halka sa security can go a long way.