Gaps On IMessage Can Be Used For Zero-click Attacks On IPhone Users

IMessage illustration on iPhone (photo: x @app_settings)

JAKARTA A rare security gap in iMessage that has now been fixed has opened up the possibility of interactionless spy attacks (zero-click) on high-profile iPhone users, such as journalists, government officials, and technology executives. But Apple doubts these claims.

The bug, dubbed 'Nickname', was discovered by cybersecurity firm iVerify and is related to the Share Name and Photo feature in the Messages (Messages) application. This feature allows users to share names, profile photos, and wallpapers with others when sending messages.

According to iVerify, the way iOS processes call-name updates has a vulnerability that allows the Messages crash app remotely. Strikers only need to send a series of name updates specifically and regularly to trigger memory errors in a system process called imagent.

Because it doesn't require user interaction, this gap is classified as a zero-click attack. The attacker only needed a phone number and an Apple ID target to run it.Bug this has been fixed quietly in the iOS 18.3 update.

Between April 2024 and January 2025, iVerify analyzed the log crash of nearly 50,000 iOS devices. Only less than 0.002% of devices show this type of crash, and are mostly used by individuals at high risk.

A senior EU official crashed according to Nickname's gap pattern, and received a threatening notification from Apple a month later. In another case, it was found that traces of file removal were only 20 seconds after the crash occurred as "similar to the spyware attack pattern."

Although no malware was found directly, iVerify stated with the moderate confidence level' that this bug may be part of a larger chain of exploitation.

Apple strongly denies that this bug has been maliciously exploited. Apple's Head of Security Engineering Team, Ivan Krstic, stated that the crash that occurred was just an ordinary software bug that had been fixed at iOS 18.3, not the result of a cyberattack.

Apple also said iVerify did not provide technical evidence that spyware had been installed.

Although there has been no malware confirmation, this report shows that advanced features in messages can carry new risks, especially for users who are in sensitive fields such as journalism or politics.

iMessage itself already has a strict screening system like BlastDoor to ward off malicious data. However, zero-click attacks like this indicate that threats to communication systems remain and continue to evolve.

To protect yourself from hidden threats like this:

Always update your iOS as soon as possible whenever there's an update.

Enable automatic update in Settings > General > Software Update.

If you are working in a high-risk sector (journalists, activists, officials, etc.), consider activating Lockdown Mode so that the system is more stringent to attacks.

Avoid opening or replying to suspicious messages, especially from unknown numbers.

For more information, users can monitor Apple's official security page.