Apple’s iMessage Vulnerability “NICKNAME” Exploited in Targeted Attacks
A new zero-click iMessage exploit, dubbed “NICKNAME,” has been uncovered by security researchers at iVerify, targeting high-profile individuals in the United States and European Union. The sophisticated vulnerability, which affects the iMessage Nickname Update feature, has been exploited in targeted attacks against political figures, journalists, tech executives, and government officials.
According to iVerify’s threat intelligence report, the exploit leverages a race condition in the iMessage Nickname Update feature when “Share Name and Photo” is enabled. Attackers could send nickname information in rapid succession, causing multiple threads to simultaneously access the same dictionaries involved in the update process. This vulnerability affects the “imagent” process, which, due to its position in the operating system, provides attackers with a primitive for further exploitation.

The targeted attacks primarily focused on:
- Political figures and campaign staff
- Journalists and media organizations
- Tech company executives (particularly from AI companies)
- Government officials in the US and EU
iVerify detected extremely rare crashes on affected devices that constituted only 0.0001% of crash log telemetry from a sample of 50,000 iPhones. Evidence suggests the vulnerability was exploited as recently as March 2025, with at least one senior EU government official receiving Apple Threat Notifications after experiencing these crashes.
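The kind of fleet-wide crash triage described above can be sketched as follows. This is an added example, not iVerify's tooling: the JSON-lines record layout (`device_id`, `process`, `timestamp`), the sample data, and the five-minute burst heuristic are all assumptions made for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (JSON lines); field names are hypothetical.
SAMPLE = """\
{"device_id": "dev-01", "process": "imagent", "timestamp": "2025-03-04T09:15:02"}
{"device_id": "dev-01", "process": "imagent", "timestamp": "2025-03-04T09:15:40"}
{"device_id": "dev-02", "process": "SpringBoard", "timestamp": "2025-03-04T11:00:00"}
{"device_id": "dev-03", "process": "imagent", "timestamp": "2025-03-01T08:00:00"}
{"device_id": "dev-03", "process": "mediaserverd", "timestamp": "2025-03-06T08:00:00"}
not-json debris line
{"device_id": "dev-04", "process": "backboardd", "timestamp": "2025-03-05T12:30:00"}
"""

def triage(jsonl, process="imagent", burst_window=timedelta(minutes=5)):
    """Return (share_of_all_crashes, {device_id: {"count", "burst"}})."""
    total = 0
    hits = defaultdict(list)
    for line in jsonl.splitlines():
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["timestamp"])
            dev, proc = rec["device_id"], rec["process"]
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records instead of aborting the run
        total += 1
        if proc == process:
            hits[dev].append(ts)
    report = {}
    for dev, stamps in hits.items():
        stamps.sort()
        # Burst (assumed heuristic): two crashes of the watched process close in time.
        burst = any(b - a <= burst_window for a, b in zip(stamps, stamps[1:]))
        report[dev] = {"count": len(stamps), "burst": burst}
    share = sum(r["count"] for r in report.values()) / total if total else 0.0
    return share, report

if __name__ == "__main__":
    share, report = triage(SAMPLE)
    print(f"imagent share of crash logs: {share:.4%}")
    for dev, info in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(dev, info)
```

Because crashes of this process are rare across a fleet, any device that appears in the report is a candidate for closer forensic review, with burst-flagged devices first.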
As zero-click exploits continue to pose a significant threat to mobile security, organizations and high-profile individuals must remain vigilant in protecting their devices and data. Regularly updating software, using mobile threat defense solutions, and following best practices for secure communication can help mitigate the risk of falling victim to targeted attacks like those exploiting the NICKNAME vulnerability.
