NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU

iVerify’s NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU high-value individuals including political figures, media pros and executives from AI companies.
iVerify, a leading mobile EDR security platform, has revealed the discovery of a previously unknown zero-click vulnerability in Apple’s iMessage service. Dubbed NICKNAME, this flaw can compromise an iPhone without any user interaction, and it appears to be part of a sophisticated mobile spyware campaign, potentially backed by China, targeting important individuals in the US and Europe.
According to iVerify’s report, shared with Hackread.com, they observed unusual activity on iPhones of prominent entities in the US and the European Union in late 2024 and early 2025. This included rare crashes that made up only 0.0001% of crash logs from a sample of 50,000 iPhones, typical of advanced zero-click iMessage attacks.
Through forensic analysis, the NICKNAME vulnerability was detected on devices belonging to high-value individuals of interest to the Chinese Communist Party (CCP). These targets include political figures, media professionals, and executives from artificial intelligence companies. Notably, some affected individuals had previously been targeted by Salt Typhoon, a known cyber operation.
The exploit leverages a weakness in the imagent process on iPhones, believed to be triggered by a rapid series of nickname updates sent through iMessage. This action results in a use-after-free memory corruption, creating an opening for attackers to gain control.
iVerify’s in-depth technical investigation has identified six devices believed to be targeted, with four showing clear NICKNAME signatures and two indicating successful exploitation. These victims consistently had connections to activities of interest to the CCP, such as prior targeting by Salt Typhoon, business dealings contrary to CCP interests, or activism against the regime.
While Apple released a patch for this vulnerability in iOS 18.3.1, iVerify cautions that NICKNAME may be just one component of a larger, active exploit chain. The company stresses the critical need for organizations, including government bodies, to adapt their mobile security models to counter these advanced modern threats.
Direct attribution to the CCP is not definitively proven, but the circumstantial evidence is compelling. Furthermore, as per iVerify, evidence from independent iOS security experts, including Patrick Wardle from the Objective-By-The-Sea foundation, supports mobile compromise as a real threat in the US.
This discovery is important as it could be the first systematic detection of iMessage zero-click exploitation in the United States. Such attacks are particularly dangerous because they bypass even highly secure messaging applications like Signal.
Once a device is compromised, all private conversations and data, regardless of the application used, become accessible to attackers. This is particularly important given events like SignalGate, which show that no communication channel is truly private if compromised.
HackRead