Apple users urged to download Pegasus spyware flaw fix

Apple users were urged yesterday to update their devices after the tech giant announced a fix for a major software flaw that allows the Israeli Pegasus spyware to be installed on phones without so much as a click.

Cybersecurity experts at the Citizen Lab, a research center at the University of Toronto, uncovered the flaw while analyzing the phone of a Saudi activist.

That person is among tens of thousands believed to have been targeted with the Israeli-made Pegasus software.

According to media reports, this has been used worldwide to intercept the communications of activists, journalists and even heads of state.

Apple said on Monday that it had "rapidly" developed a software update after Citizen Lab alerted it to the hole in its iMessage software on September 7.

"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," the company said.

Citizen Lab said it was urging people "to immediately update all Apple devices" in light of the new evidence.

Explosive revelations that governments have spied on people using the hugely invasive software – which was developed by the NSO Group, a secretive Israeli firm – have ricocheted around the world since July since they became public.

Once Pegasus is installed on a phone, it can be used to read a target's messages, look at their photos, track their movements and even switch on their camera – all without the person knowing.

The flaw fixed by Apple on Monday is a so-called "zero-click exploit," meaning that it can be installed on a device without the owner needing to do so much as click a button.

Citizen Lab said it believed the flaw, which it named FORCEDENTRY, had been used to install Pegasus on devices since February 2021 or possibly earlier.