BOSTON — Apple released an emergency software patch to fix a security vulnerability that researchers said could allow hackers to directly infect iPhones and other Apple devices without any user action. The researchers at the University of Toronto’s Citizen Lab said the flaw allowed spyware from the world’s most infamous hacker-for-hire firm, NSO Group, to directly infect the iPhone of a Saudi activist. The flaw affected all Apple’s operating systems, the researchers said. It was the first time a so-called “zero-click” exploit had been caught and analyzed, said the researchers, who found the malicious code on Sept.