In case you prefer to keep using iPhone despite their poor security flaw, Apple users urged at list to update their devices after the tech giant announced a fix for a major software flaw that allows the Pegasus spyware to be installed on phones without so much as a click.

Apple said Monday that it had "rapidly" developed a software update after Citizen Lab alerted it to the hole in its iMessage software on Sept 7.

"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," the company said.

Citizen Lab said it was urging people "to immediately update all Apple devices".

- Intimate surveillance -

Explosive revelations that governments have spied on people using the hugely invasive software -- which was developed by the NSO Group, a secretive Israeli firm -- have ricocheted around the world since July.

Once Pegasus is installed on a phone, it can be used to read a target's messages, look at their photos, track their movements and even switch on their camera -- all without the person knowing.

The flaw fixed by Apple on Monday is a so-called "zero-click exploit", meaning that it can be installed on a device without the owner needing to do so much as click a button.

Less sophisticated spyware tools have generally required the target to click on a booby-trapped link or file in order to start tapping the person's communications.

Citizen Lab said it believed the flaw, which it named FORCEDENTRY, had been used to install Pegasus on devices since February 2021 or possibly earlier.

It is a variant of a weak spot in Apple's messaging software that Citizen Lab previously detected on the iPhones of nine Bahraini activists, who were hacked with Pegasus between June 2020 and February this year.

"Popular chat apps are the soft underbelly of device security. They are on every device," tweeted John Scott-Railton, a senior researcher at Citizen Lab who helped uncover the flaw.

The messaging service WhatsApp was previously also allegedly used to infiltrate phones using Pegasus, and its owner Facebook is suing the NSO Group.

The security of messaging apps "needs to be a top priority," Scott-Railton added, urging his followers: "UPDATE YOUR APPLE DEVICES NOW."

- 'Fighting crime' -

NSO, the company at the heart of the scandal, has denied any wrongdoing and insisted its software is intended for use by authorities only in fighting terrorism and other crimes.

But the company, which says it has clients in 45 countries, did not dispute that Pegasus had prompted Apple's urgent software upgrade.

It said in a statement that it would "continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime."

Citizen Lab, which first uncovered Pegasus alongside cybersecurity firm Lookout five years ago, accuses NSO of selling the software to authoritarian governments that use it for repressive purposes.

Emerging economies such as India, Mexico and Azerbaijan dominated the list of countries where large numbers of phone numbers were allegedly identified as possible targets by NSO's clients.

Since July, the scandal has prompted calls from rights groups for an international moratorium on the sale of surveillance technology until regulations are put in place to prevent abuses.

That call was backed by United Nations human rights experts last month.

"It is highly dangerous and irresponsible to allow the surveillance technology and trade sector to operate as a human rights-free zone," they said.

Israel's defense establishment has meanwhile set up a committee to review NSO's business, including the process through which export licences are granted.

- The problem is not NSO. The problem is Apple. 

NSO is not the only company that selling iPhone backdoor sand spying services all over the world. There are at list more 20 companies that doing it. 

Attacking NSO is wrong. They only using their knowledge to access what Apple enables to be open for back doors.

Apple do not allow to remove their most venerable softwares, iMessage and FaceTime, and iPhone users have no choice but to have it installed even if they do not want it.

The fastest solution is to change your iPhone to Android phone. The temporary, limited and minor solution is to update your iOS to the latest version. It will not protect your phone from all hackers, but will close one well known backdoor from the few that NSO and other companies are selling to hack iPhones and other iOS devices.