YOU should update your iPhone as soon as possible, and this is why.

Apple has released a series of new updates not only for the iPhone but also for the WatchOS and MaxOS, to fight spyware.

According to security researchers at the Citizen Lab, a new bug allows Pegasus spyware to be installed on their devices.

Further investigation reveals that the bug allows ‘zero-click installation’, meaning that it can get into your device without clicking a link.

Apple believes that the spyware may already have exploited several devices.

The new update, to iOS 14.8, mainly focuses on tightening security on devices.

What is Pegasus spyware?

The spyware can be installed on devices running certain versions of iOS, Apple's mobile operating system, as well as some Android devices.

Rather than being a specific exploit, Pegasus is a suite of exploits that uses many vulnerabilities in the system.

Infection vectors include clicking links, the Photos app, the Apple Music app, and iMessage.

Some of the exploits Pegasus uses are zero-click—that is, they can run without any interaction from the victim.

Once installed, Pegasus has been reported to be able to run arbitrary code, extract contacts, call logs, messages, photos, web browsing history, settings, as well as gather information from apps including but not limited to communications apps iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram, and Skype.

Pegasus hides itself as far as is possible and self-destructs in an attempt to eliminate evidence if unable to communicate with its command-and-control server for more than 60 days, or if on the wrong device.

What should I do to protect my iPhone from Pegasus spyware?

Update your iPhone to iOS 14.8 as soon as possible.

Also update your Mac, iPad and Apple Watch.

In a blog post, Apple said it was issuing a security update for iPhones and iPads because a “maliciously crafted” PDF file could lead to them being hacked.

It said it was aware that the issue may have been exploited and cited Citizen Lab. Apple did not immediately respond to questions regarding whether this was the first time it had patched a zero-click.