Zero-Click iMessage Exploit ‘NICKNAME’ Targets High-Profile Figures in US and Europe


A newly uncovered zero-click vulnerability in Apple’s iMessage, codenamed NICKNAME, has been exploited in a series of sophisticated cyberattacks targeting influential individuals across the United States and Europe, according to a new report from mobile security firm iVerify. The exploit, which requires no interaction from the victim, was detected on iPhones belonging to political leaders, journalists, and executives in the AI industry. 

The campaign is suspected to be part of an espionage operation with potential links to Chinese state-backed actors. In late 2024 and early 2025, iVerify observed a minuscule but significant anomaly in crash reports, appearing in 0.0001% of logs among a sample of 50,000 iPhones. Deeper analysis led to the identification of the NICKNAME flaw, a vulnerability in the imagent process.

The exploit is triggered by a rapid sequence of iMessage nickname updates, leading to a use-after-free memory issue that allows for remote device takeover. Six compromised devices have been identified so far. Four displayed signs of the NICKNAME exploit, while two showed evidence of successful breaches. 

The common link among the victims was their perceived opposition to Chinese interests, with many previously targeted by the notorious Salt Typhoon operation or involved in business or activism against the Chinese Communist Party (CCP). Although Apple addressed the flaw in its iOS 18.3.1 update, iVerify warns that NICKNAME may be only a single piece of a broader, ongoing exploit chain. 

The company is urging government agencies and high-risk organizations to revamp their mobile security frameworks in light of the growing threat landscape. While direct attribution to the CCP remains unconfirmed, circumstantial evidence is strong. Independent iOS security experts, including Patrick Wardle of the Objective-By-The-Sea foundation, have corroborated the threat, validating the risks posed by mobile spyware even against encrypted platforms like Signal.