iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the US
a year ago
- #iOS vulnerability
- #zero-click exploit
- #cybersecurity
- iVerify detected anomalous activity on iPhones linked to political campaigns, media, A.I. companies, and governments in the U.S. and EU.
- Discovered a zero-click iMessage exploit (NICKNAME) via the 'imagent' process, patched in iOS 18.3.
- Evidence suggests targeted attacks, including Apple Threat Notifications to high-value EU officials.
- Exploitation signs included bulk iMessage attachment creation/deletion post-crash.
- All observed victims had prior CCP targeting or counter-CCP activities.
- Vulnerability likely triggered by rapid-fire nickname updates causing memory corruption.
- Patch confirmed in iOS 18.3.1, but potential for other active exploit chain elements remains.