High-value individuals in the US and EU may have been targeted with a sophisticated iMessage zero-day exploit. The campaign has so far hit six devices belonging to individuals involved in political campaigns, media organisations, tech companies, governments, and other fields.
Suspicious activity was first noted in late 2024 and early 2025, with the latest attacks occurring in March 2025. iVerify, which published a technical report on the exploit, says that at least one victim received Apple’s threat notification. The vulnerability is called Nickname; signatures associated with the exploit were found on four of the six devices, and two of those showed clear signs of exploitation.
The bug itself lies in the iMessage process that handles this traffic. That process uses a mutable data container while broadcasting updates; an unauthorised third party who can alter the container mid-broadcast creates a race condition, which in turn triggers a use-after-free memory corruption bug.

The bug can be triggered without any user interaction, simply by sending a target a flood of nickname updates over iMessage. iVerify reports that the bug was observed on devices running iOS versions up to 18.1.1 and was finally fixed in iOS 18.3.1. On the exploited iPhones, directories holding SMS attachments and message metadata were accessed and then emptied 20 seconds after “imagent,” the process targeted by the exploit, crashed.
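The two forensic indicators the article describes, an imagent crash followed roughly 20 seconds later by the SMS attachment and message metadata directories being emptied, lend themselves to a simple triage check. The script below is an added example, not code from iVerify's report or from the article: it scans constructed device log lines for that crash-then-wipe sequence inside a 20-second window and reports whether the device's iOS version is at or past the fixed build 18.3.1. The log line format, the process-name pattern, and the `<sms-attachments-dir>` / `<message-metadata-dir>` placeholder paths are assumptions; the report's real paths are not reproduced here.

```python
"""
Added triage example (not from iVerify's report or the article).
Looks for the article's two indicators together: an "imagent" crash
followed within ~20 seconds by the SMS attachment / message metadata
directories being emptied, and checks the iOS version against the
fixed build. Log format and directory paths are assumptions.
"""
from datetime import datetime, timedelta
import re

# Fixed build named in the article; anything below it is treated as unpatched.
FIXED_IOS = (18, 3, 1)

# Indicator patterns. The log format and directory names are assumed;
# the angle-bracket paths are obvious placeholders, not real paths.
CRASH_RE = re.compile(r"process imagent\[\d+\] crashed")
WIPE_RE = re.compile(r"directory (?P<path>\S+) emptied")
SENSITIVE_DIRS = ("<sms-attachments-dir>", "<message-metadata-dir>")
WINDOW = timedelta(seconds=20)

# Constructed sample log: one crash followed by wipes exactly 20 s later
# (suspicious), then an unrelated crash with a wipe minutes afterwards.
SAMPLE_LOG = [
    "2025-03-02T10:14:03 launchd: process imagent[412] crashed (SIGSEGV)",
    "2025-03-02T10:14:09 launchd: process imagent[431] started",
    "2025-03-02T10:14:23 fsmon: directory <sms-attachments-dir> emptied (37 files removed)",
    "2025-03-02T10:14:23 fsmon: directory <message-metadata-dir> emptied (2 files removed)",
    "2025-03-02T11:02:55 launchd: process imagent[431] crashed (SIGSEGV)",
    "2025-03-02T11:10:00 fsmon: directory <sms-attachments-dir> emptied (1 files removed)",
]


def parse_version(version):
    """'18.1.1' -> (18, 1, 1), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def is_patched(ios_version):
    """True when the device runs the fixed build or later."""
    return parse_version(ios_version) >= FIXED_IOS


def parse_line(line):
    """Split '<ISO timestamp> <message>' into (datetime, message)."""
    timestamp, _, message = line.partition(" ")
    return datetime.fromisoformat(timestamp), message


def find_crash_wipe_sequences(lines, window=WINDOW):
    """
    Return one record per imagent crash that is followed, within `window`,
    by at least one sensitive directory being emptied.
    """
    events = [parse_line(line) for line in lines]
    hits = []
    for index, (crash_time, message) in enumerate(events):
        if not CRASH_RE.search(message):
            continue
        wiped, first_wipe = [], None
        for wipe_time, later_message in events[index + 1:]:
            if wipe_time - crash_time > window:
                break  # log is time-ordered; nothing later can be in the window
            match = WIPE_RE.search(later_message)
            if match and match.group("path") in SENSITIVE_DIRS:
                wiped.append(match.group("path"))
                first_wipe = first_wipe or wipe_time
        if wiped:
            hits.append({
                "crash_at": crash_time.isoformat(),
                "wiped": wiped,
                "delay_s": (first_wipe - crash_time).total_seconds(),
            })
    return hits


def triage(ios_version, lines):
    """Combine the version check and the log scan into one verdict."""
    sequences = find_crash_wipe_sequences(lines)
    return {
        "unpatched": not is_patched(ios_version),
        "suspicious": bool(sequences),
        "sequences": sequences,
    }


if __name__ == "__main__":
    print(triage("18.1.1", SAMPLE_LOG))
```

The second crash in the sample is deliberately not flagged: a wipe seven minutes later is outside the window, so the check keys on the timing the article describes rather than on crashes alone. On a real device the log source, timestamps and paths would come from the extraction tooling in use, and the version gate only says whether the device is below 18.3.1, not that any given build between 18.1.1 and 18.3.1 was exploited.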
The firm believes the campaign is part of a larger exploit chain that ends with the target device fully compromised. All six targets had previously been targeted by Chinese state-sponsored hackers. Given their affiliations with government agencies, tech companies, and other sensitive fields, this may be a larger campaign aimed at disruption rather than a financially motivated attack, in which hackers are usually interested in making money and disappearing without leaving much evidence behind.