iPhone
[Representational Image]Reuters

Apple iPhones are known for their security, but when they are under attack by the world's most sophisticated spyware, it creates panic. A similar situation had all the iPhone users around the world on their toes when a spyware named "Pegasus" created three zero-day vulnerabilities to spy on specific targets.

Luckily Apple, along with a security firm Lookout, worked out a fix to counter Pegasus' illicit actions in a form of a security update. All iPhone users are strongly advised to update their iOS devices immediately to iOS 9.3.5, which is available over-the-air. The devices must be updated the traditional way, by going into the Settings > General > Software Update and then tap of "Download and Install."

Even though the software update fixes the vulnerabilities, any common iPhone user would have questions about Pegasus' origin and the dangers of this impossible-to-detect software that can hack an iPhone.

What is "Pegasus" and how did it work?

Pegasus is a malicious software that can launch a targeted attack on an iPhone without its owner ever knowing of it. It sends a simple SMS to the targeted iPhone, which contains a link. When the user clicks the link, it downloads the malware on the device.

Using the three zero-day vulnerabilities, Pegasus can gain access to all the information on the iPhone, including Gmail, Facebook and more. It then sends that information to whoever is behind the attack.

Who is behind this attack?

Pegasus is the work of a secretive intelligence company called NSO Group. There isn't much known about this organisation, but as per Motherboard's deep investigation, it is learnt that the NSO Group is based out of Israel and came into inception in 2010.

"NSO Group are a highly valued surveillance company purporting to sell some of the most advanced spyware on the market," Edin Omanovic, a research officer at Privacy International, told Motherboard. "Given the secretive nature of the company however, as with everything in the surveillance industry, it is very difficult to separate fact from marketing."

NGO Group has openly accepted that it only sells to "authorised" governments and its mission is to help make the world a safer place.

What were the dangers?

As in the case of any cyber attack, there is a serious danger to the information stored on a device. In the case of Pegasus, which has been described by Lookout "the most sophisticated attack we've seen on any endpoint," the software once installed on the targeted device has the potential to gain admin access without the knowledge of the owner.

It can access all the photos and screenshots, information from apps such as Facebook and Gmail, intercept calls from Skype and WhatsApp, retrieve files, calendar records and remotely turn on microphone to eavesdrop on any conversation.

In case you haven't updated your iPhone or iPad yet, do so immediately to stay protected from Pegasus.