Security advisers have articular a three-headed monster that could be used to record sounds, aggregate passwords, read text messages, record calls and track users. All iOS versions 9.3.4 and below are vulnerable.

The attack utilizes a mobile spyware product, ‘Pegasus,’ created by NSO Group — an Israeli cyber warfare company — advised to attack high-value targets. Using one of three known iOS 9.3.4 aegis vulnerabilities — dubbed ‘Trident’ — the accomplishment is able of hijacking an iPhone or iPad with a single click.

According to Mike Murray, VP of Aegis Research and Response at cyber aegis firm Lookout:

The Trident vulnerability chain is the first that anyone’s seen of a one-click remote jailbreak of an Apple device. It’s the smoker gun active mobile threat that we’ve always known existed but didn’t yet have proof of. This demonstrates that highly resourced actors see the mobile belvedere as a abundant target for acquisition advice about targets and consistently accomplishment the mobile ambiance for this purpose.

Unfortunately, the vulnerabilities are more than a month old at this point, so it’s cryptic how boundless the damage is. Aegis advisers at Citizen Lab and Lookout worked anon with Apple to identify, and push an emergency patch to close the vulnerabilities.

Today, Apple appear an iOS update absolute the patch, iOS 9.3.5.

iOS 9.3.5 follows addition aegis patch three weeks ago, 9.3.4, that was anticipation to be the final iOS 9 update before the absolution of iOS 10 next month. The newly-discovered vulnerability led to a change of plans, and a new iOS version. The update is accessible now for all iOS devices.

If you’re currently running iOS 9.3.4 (or older), it’s acute to update your device immediately.