iPhone users have been urged to download a new update immediately. The update was pushed out by Apple to iPhones and iPads after a major security vulnerability was found in the devices. Patching up that hole with the new software update should keep those devices safe. But without it, attackers could break into an iPhone and spy on its user. The security issue was found by researchers at the University of Toronto’s Citizen Lab. They said the problem was being ‘actively exploited’ by hackers, and that all users should update immediately. They were doing so by delivering commercial software called Pegasus, which is made and sold by Israeli company the NSO Group. That software is expensive and targeted, and has primarily been used on specific activists, journalists and politcians, who are likely to know if they are at particular risk of an attack. The latest attack was used on the iPhone of a member of staff at a US civil society organisation with international offices, Citizen Lab said. It named the new exploit BLASTPASS and said that it did not even require users to click anything on their device. The NSO Group and Apple have in recent years been engaged in a long-running fight to find and fix security flaws that could allow for the delivery of that software. Recent iPhone updates brought a new ‘Lockdown Mode’ that places extra restrictions on the device in an attempt to close up potential security flaws. That includes not downloading images that could include spyware, for instance – which is how attackers deliver the hack in this most recent scare. Downloading the new update is simple. It is done through the Settings app on iPhones and iPads, by clicking the ‘general’ and then ‘software update’ options – that will check for any new updates, and offer the option to download it. Phones may eventually automatically install the new operating system, which could mean that no download shows up in that screen. Users can check if they have already updated to the new, patched operating system by clicking the ‘about’ option in the general settings, and looking whether they have the newest iOS 16.6.1. Similar updates are available for Macs and Apple Watches, and are installed in much the same way. Citizen Lab also advised that anyone ‘who may face increased risk because of who they are or what they do’ should switch on Lockdown Mode. Apple confirmed that would block the new attack, researchers said.