Apple issued emergency software updates for a critical vulnerability in its products on Monday after security researchers uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, iPad, Apple Watch or Mac computer without so much as a click.

Apple’s security team had worked around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activist’s iPhone had been infected with an advanced form of spyware from NSO.

The spyware, called Pegasus, used a novel method to invisibly infect Apple devices without victims’ knowledge. Known as a "zero click remote exploit,” it is considered the holy grail of surveillance because it allows governments, mercenaries and criminals to secretly break into someone’s device without tipping the victim off.