BOSTON (AP) — Apple released an emergency security software patch to fix a vulnerability.

An internet watchdog group says the flaw allowed spyware from the world’s most infamous hacker-for-hire firm, NSO Group, to infect the iPhone of a Saudi activist without any user interaction.

The researchers from the University of Toronto's Citizen Lab said it was the first time a so-called “zero-click” exploit had been caught and analyzed.

They said they found the malicious code on Sept. 7 and had high confidence NSO Group was behind the attack.

NSO Group did not immediately respond to an email seeking comment.

A spokesperson for Apple confirmed the legitimacy of the threat to The New York Times and said it planned to add "spyware barriers" to iOS 15 this year.

Apple customers are urged to install the security patch immediately.