Apple has plugged a hole that could’ve allowed invasive spyware through.

Yesterday, Apple released an important new iOS 14.8 software update. This update, among other things, contains a patch for a critical vulnerability in the iMessage software. This vulnerability, originally uncovered by the University of Toronto’s Citizen Lab, could be used by a hacker to infiltrate a user’s phone to access data and plant spyware. What makes this vulnerability especially alarming is that, unlike many potential avenues of entry for hackers, it does not require any link clicks or interaction from users; a hacker could simply slip right in.

Apple issued emergency updates to fix a flaw that allows highly invasive spyware to infect anyone’s iPhone, Apple Watch or Mac computer without so much as a click. https://t.co/rcWZ9bZufZ

— The New York Times (@nytimes) September 13, 2021

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement thanking Citizen Lab for finding the vulnerability.

This is not a drill. 🚨

If you have an iPhone, install today's iOS 14.8 update to fix a zero-day zero-click vulnerability previously used to install spyware. pic.twitter.com/f2Ervr02tD

— BleepingComputer (@BleepinComputer) September 13, 2021

Krstić has advised that all iPhone users update their devices immediately, though he also assured that the vulnerability is “not a threat to the overwhelming majority of our users.”

According to the Citizen’s Lab report, this vulnerability has previously been exploited by Israeli firm NSO Group to spy on certain activists and journalists. NSO Group declined to comment on these allegations.