The major tech platform is urging all of their users to update their software immediately following new research.

Apple says a critical vulnerability has been detected that enables Israeli spyware company NSO Group to take control over any Apple device, whether that be computer, watch or phone.

It comes as researchers at The Citizen Lab made the discovery on Monday.

“While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage,” researchers said.

“The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.”

The malicious software hacks devices after sending a message through iMessage.

They then start controlling devices through a flaw in Apple’s image processing systems.

An attack on users without warning

But what researchers find most alarming is that devices are hacked without the user knowing as they don’t have to click on a link or download a file to grant the hacker permission to take over.

“The user sees crickets while their iPhone is silently exploited,” Researcher John Scott-Railton says.

“Someone sends you a GIF that isn’t, and then you’re in trouble. That’s it. You don’t see a thing.”

While all users are being urged to update their software, government groups are likely to be a key-target as they use NSO group’s software.

A breach of trust?

The spyware company creates surveillance and hacking software that governments often rent to investigate the computer and smartphone activity of criminals.

Usually, this is done lawfully with NSO saying it can’t be used to target the devices of American citizens.

However, prior research has found this is not always the case, with reports suggesting their Pegasus software has been used against Mexican journalists and Saudi Arabia protestors.

Despite this, NSO reassures its users that it will continue to supply their services to help prevent criminal behaviour online.

“NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime,” an NSO spokesperson said.

No comments are yet to be made on the discovery of Apple’s critical vulnerability.

Here’s what users should do next

Meanwhile, Ivan Krstić, Apple’s head of Security Engineering and Architecture, says he is grateful to Citizen Lab for alerting the company on the exploit.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”

Ivan Krstić said in a statement

For those who are concerned, Citizen Lab researchers urge users to stay alert and to monitor their phone activity.

Additionally, paying attention to software updates and installing them will also help with preventing future bug issues that could lead to devices being hacked.

“[Software updates] will prevent you from being infected with this exploit going forward,” Researcher John Scott-Railton says.

“But what we know is NSO is always trying to find other ways to infect people’s phones, and they may turn to something else.”

Written by Rebecca Borg