iVerify’s NICKNAME discovery reveals a zero-click iMessage flaw exploited in focused assaults on US & EU high-value people together with political figures, media professionals and executives from AI corporations.
iVerify, a number one cell EDR safety platform, has revealed the invention of a beforehand unknown zero-click vulnerability in Apple’s iMessage service. Dubbed NICKNAME, this flaw can compromise an iPhone with none person interplay, and it seems to be a part of a classy cell spyware and adware marketing campaign, doubtlessly backed by China, focusing on vital people within the US and Europe.
Based on iVerify’s report, shared with Hackread.com, they noticed uncommon exercise on iPhones of distinguished entities within the US and the European Union in late 2024 and early 2025. This included uncommon crashes that made up solely 0.0001% of crash logs from a pattern of fifty,000 iPhones, typical of superior zero-click iMessage assaults.
By forensic evaluation, the NICKNAME vulnerability was detected on gadgets belonging to high-value people of curiosity to the Chinese language Communist Occasion (CCP). These targets embrace political figures, media professionals, and executives from synthetic intelligence corporations. Notably, some affected people had beforehand been focused by Salt Hurricane, a recognized cyber operation
The exploit leverages a weak point within the imagent course of on iPhones, believed to be triggered by a fast collection of nickname updates despatched by way of iMessage. This motion ends in a use-after-free reminiscence corruption, creating a gap for attackers to realize management.
iVerify’s extremely in-depth technical investigation has recognized six gadgets believed to be focused, with 4 displaying clear NICKNAME signatures and two indicating profitable exploitation. These victims constantly had connections to actions of curiosity to the CCP, resembling prior focusing on by Salt Hurricane, enterprise dealings opposite to CCP pursuits, or activism in opposition to the regime.
Whereas Apple launched a patch for this vulnerability in iOS 18.3.1, iVerify cautions that NICKNAME could also be only one part of a bigger, lively exploit chain. The corporate stresses the crucial want for organizations, together with authorities our bodies, to adapt their cell safety fashions to counter these superior fashionable threats.
The CCP’s direct attribution will not be definitively confirmed, however circumstantial is compelling. Moreover, as per iVerify, proof from impartial iOS safety consultants, together with Patrick Wardle from the Goal-By-The-Sea basis, helps cell compromise as an actual menace within the US.
This discovery is vital because it may very well be the primary systematic detection of iMessage zero-click exploitation in america. Such assaults are significantly harmful as a result of they bypass even extremely safe messaging functions like Sign.
As soon as a tool is compromised, all personal conversations and information, whatever the utility used, grow to be accessible to attackers. That is significantly vital given occasions like SignalGate, which present that no communication channel is actually personal if compromised.
