Cupertino, California - Ahead of its biggest product event of the year, Apple has been forced to issue a rushed fix to a security flaw that has reportedly allowed state-sponsored hackers to access private messages sent on iPhones and iPads.

A group of cybersecurity researchers announced on September 13 they had found the flaw was being exploited to spy on messages sent using Apple's in-house chat service iMessage.

The gap in Apple's device security came as the company was preparing to launch a new generation of its iPhones, typically marketed as having a high level of user privacy protection.

According to the organization Citizen Lab, researchers discovered the vulnerability while analyzing the phone of a Saudi Arabian activist. The device was infected with the controversial surveillance software Pegasus from the Israeli company NSO, Citizen Lab said.

Security activists including Citizen Lab have accused NSO, which offers its hacking tools to governments for hire, of facilitating "despotism-as-a-service" by allowing unaccountable government security agencies to hack into the phones of dissident citizens.

For anyone with an iPhone, iPad or Apple Watch, the security flaw means an update to the latest software version is imperative. Apple promptly released software updates to patch the security gap, and for these patches to take effect, the updates must be installed by users.

According to Citizen Lab, the vulnerability to Apple's software has been exploited since at least February 2021.