Apple on Monday issued an emergency software update after researchers discovered an exploit that it believes the Israeli spyware firm NSO Group used to remotely infect iPhones, iPads, Apple Watches and Macs.
The software update came after a report was published by Citizen Lab, a cybersecurity watchdog of the University of Toronto, which said that since February, NSO Group has been infecting devices with Pegasus spyware through an exploit in iMessage.
"While analyzing the phone of a Saudi activist infected with NSO Group's Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage," Citizen Lab said, adding that it had passed the information to Apple.
"The exploit, which we call FORCEDENTRY, targets Apple's image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices."
The spyware is installed without the need for the user to do anything, and affects all operating systems except iOS 14.8 in which a patch was issued by Apple on Monday.