A new report from the team at iVerify warns that a “previously unknown” vulnerability in iOS maybe enabled a highly targeted attack on iPhones in the U.S. as well as Europe. This flaw was not in the core messaging architecture itself, but in its nickname feature. “Any increase in the size of a codebase is going to introduce attack opportunities,” iVerify told. And that’s the case here. When a user updates their profile, “nickname, photo, or wallpaper,” this triggers “a ‘Nickname Update’ on a recipient’s device.” Trivial though it might seem, that nickname update process is a data transmission from one device to another, it’s implicitly trusted data and it’s within the secure enclave. “This vulnerability was present in iOS versions up to 18.1.1 and fixed in iOS 18.3.1.” While there’s no doubting the flaw and the fix, there is no concrete proof it was exploited in the wild. “We analyzed crash data from nearly 50,000 devices,” iVerify says, “and found that the imagent crashes related to Nickname Updates are exceedingly rare, comprising less than 0.001% of all crash logs collected.” But those rare instances appeared only on “devices belonging to individuals likely to be targeted by sophisticated threat actors.” iVerify reports that forensic examination of one affected device “provided evidence suggesting exploitation: several directories related to SMS attachments and message metadata were modified and then emptied just 20 seconds after the imagent crash occurred. This pattern of deleting potential evidence mirrors techniques observed in confirmed spyware attacks where attackers ‘clean up’ after themselves.”