<p>Apple users were urged Tuesday to update their devices after the tech giant announced a fix for a major software flaw that allows the Pegasus spyware to be installed on phones without so much as a click.</p>.<p>Cybersecurity experts at the Citizen Lab, a research centre at the University of Toronto, uncovered the flaw while analyzing the phone of a Saudi activist.</p>.<p>That person is among tens of thousands believed to have been targeted with the Israeli-made Pegasus software, which according to media reports has been used worldwide to intercept the communications of activists, journalists and even heads of state.</p>.<p><strong>Read more: <a href="https://www.deccanherald.com/business/business-news/apple-fixes-security-hole-reportedly-used-to-hack-iphones-other-apple-devices-1030156.html" target="_blank">Apple fixes security hole reportedly used to hack iPhones, other Apple devices </a></strong></p>.<p>Apple said Monday that it had "rapidly" developed a software update after Citizen Lab alerted it to the hole in its iMessage software on September 7.</p>.<p>"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," the company said.</p>.<p>Citizen Lab said it was urging people "to immediately update all Apple devices".</p>.<p>Explosive revelations that governments have spied on people using the hugely invasive software -- which was developed by the NSO Group, a secretive Israeli firm -- have ricocheted around the world since July.</p>.<p>Once Pegasus is installed on a phone, it can be used to read a target's messages, look at their photos, track their movements and even switch on their camera -- all without the person knowing.</p>.<p>The flaw fixed by Apple on Monday is a so-called "zero-click exploit", meaning that it can be installed on a device without the owner needing to do so much as click a button.</p>.<p>Less sophisticated spyware tools have generally required the target to click on a booby-trapped link or file in order to start tapping the person's communications.</p>.<p>Citizen Lab said it believed the flaw, which it named FORCEDENTRY, had been used to install Pegasus on devices since February 2021 or possibly earlier.</p>.<p>It is a variant of a weak spot in Apple's messaging software that Citizen Lab previously detected on the iPhones of nine Bahraini activists, who were hacked with Pegasus between June 2020 and February this year.</p>.<p>"Popular chat apps are the soft underbelly of device security. They are on every device," tweeted John Scott-Railton, a senior researcher at Citizen Lab who helped uncover the flaw.</p>.<p>The messaging service WhatsApp was previously also allegedly used to infiltrate phones using Pegasus, and its owner Facebook is suing the NSO Group.</p>.<p>The security of messaging apps "needs to be a top priority," Scott-Railton added, urging his followers: "UPDATE YOUR APPLE DEVICES NOW."</p>.<p>NSO, the company at the heart of the scandal, has denied any wrongdoing and insisted its software is intended for use by authorities only in fighting terrorism and other crimes.</p>.<p>But the company, which says it has clients in 45 countries, did not dispute that Pegasus had prompted Apple's urgent software upgrade.</p>.<p>It said in a statement that it would "continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime."</p>.<p>Citizen Lab, which first uncovered Pegasus alongside cybersecurity firm Lookout five years ago, accuses NSO of selling the software to authoritarian governments that use it for repressive purposes.</p>.<p>Emerging economies such as India, Mexico and Azerbaijan dominated the list of countries where large numbers of phone numbers were allegedly identified as possible targets by NSO's clients.</p>.<p>Since July, the scandal has prompted calls from rights groups for an international moratorium on the sale of surveillance technology until regulations are put in place to prevent abuses.</p>.<p>That call was backed by United Nations human rights experts last month.</p>.<p>"It is highly dangerous and irresponsible to allow the surveillance technology and trade sector to operate as a human rights-free zone," they said.</p>.<p>Israel's defense establishment has meanwhile set up a committee to review NSO's business, including the process through which export licences are granted.</p>.<p><strong>Check out the latest DH videos here:</strong></p>
<p>Apple users were urged Tuesday to update their devices after the tech giant announced a fix for a major software flaw that allows the Pegasus spyware to be installed on phones without so much as a click.</p>.<p>Cybersecurity experts at the Citizen Lab, a research centre at the University of Toronto, uncovered the flaw while analyzing the phone of a Saudi activist.</p>.<p>That person is among tens of thousands believed to have been targeted with the Israeli-made Pegasus software, which according to media reports has been used worldwide to intercept the communications of activists, journalists and even heads of state.</p>.<p><strong>Read more: <a href="https://www.deccanherald.com/business/business-news/apple-fixes-security-hole-reportedly-used-to-hack-iphones-other-apple-devices-1030156.html" target="_blank">Apple fixes security hole reportedly used to hack iPhones, other Apple devices </a></strong></p>.<p>Apple said Monday that it had "rapidly" developed a software update after Citizen Lab alerted it to the hole in its iMessage software on September 7.</p>.<p>"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," the company said.</p>.<p>Citizen Lab said it was urging people "to immediately update all Apple devices".</p>.<p>Explosive revelations that governments have spied on people using the hugely invasive software -- which was developed by the NSO Group, a secretive Israeli firm -- have ricocheted around the world since July.</p>.<p>Once Pegasus is installed on a phone, it can be used to read a target's messages, look at their photos, track their movements and even switch on their camera -- all without the person knowing.</p>.<p>The flaw fixed by Apple on Monday is a so-called "zero-click exploit", meaning that it can be installed on a device without the owner needing to do so much as click a button.</p>.<p>Less sophisticated spyware tools have generally required the target to click on a booby-trapped link or file in order to start tapping the person's communications.</p>.<p>Citizen Lab said it believed the flaw, which it named FORCEDENTRY, had been used to install Pegasus on devices since February 2021 or possibly earlier.</p>.<p>It is a variant of a weak spot in Apple's messaging software that Citizen Lab previously detected on the iPhones of nine Bahraini activists, who were hacked with Pegasus between June 2020 and February this year.</p>.<p>"Popular chat apps are the soft underbelly of device security. They are on every device," tweeted John Scott-Railton, a senior researcher at Citizen Lab who helped uncover the flaw.</p>.<p>The messaging service WhatsApp was previously also allegedly used to infiltrate phones using Pegasus, and its owner Facebook is suing the NSO Group.</p>.<p>The security of messaging apps "needs to be a top priority," Scott-Railton added, urging his followers: "UPDATE YOUR APPLE DEVICES NOW."</p>.<p>NSO, the company at the heart of the scandal, has denied any wrongdoing and insisted its software is intended for use by authorities only in fighting terrorism and other crimes.</p>.<p>But the company, which says it has clients in 45 countries, did not dispute that Pegasus had prompted Apple's urgent software upgrade.</p>.<p>It said in a statement that it would "continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime."</p>.<p>Citizen Lab, which first uncovered Pegasus alongside cybersecurity firm Lookout five years ago, accuses NSO of selling the software to authoritarian governments that use it for repressive purposes.</p>.<p>Emerging economies such as India, Mexico and Azerbaijan dominated the list of countries where large numbers of phone numbers were allegedly identified as possible targets by NSO's clients.</p>.<p>Since July, the scandal has prompted calls from rights groups for an international moratorium on the sale of surveillance technology until regulations are put in place to prevent abuses.</p>.<p>That call was backed by United Nations human rights experts last month.</p>.<p>"It is highly dangerous and irresponsible to allow the surveillance technology and trade sector to operate as a human rights-free zone," they said.</p>.<p>Israel's defense establishment has meanwhile set up a committee to review NSO's business, including the process through which export licences are granted.</p>.<p><strong>Check out the latest DH videos here:</strong></p>