Apple has resolved an iMessage issue involving the Nickname Update feature that could have been exploited to trigger errors with no user interaction.

In a report published Thursday, iVerify says there is evidence to suggest the flaw had been used to target the devices of high-profile individuals such as political figures, journalists, tech company executives and government officials in the US and the European Union.

The Nickname Update feature gives users the option to send profile information such as their nickname and profile picture to other iMessage users when the "Share Name and Photo" setting is turned on. With this setting active, users will be prompted to send their nickname information when messaging someone new.

The issue could potentially have been exploited by sending nickname information to a target in quick succession, triggering a race condition in which multiple threads attempted to access the same dictionaries involved in the Nickname Update process within the same timeframe.

This use-after-free (UAF) error could trigger a crash of the "imagent" process, which handles iMessage traffic, and iVerify noted it could also potentially be exploited for controlled memory corruption that helps facilitate code execution. No interaction from the receiving user is required to receive and process Nickname Update information, making this issue a potential zero-click exploit.

Crash logs that led iVerify to discover this error indicate the issue would only have been present between iOS versions 17.2.1 through 18.1.1, with the issue already fully fixed by 18.3.
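A defender reading this will want to check their own crash telemetry for the same pattern: crashes of the imagent process on an iOS build inside the 17.2.1 through 18.1.1 window the article names. The script below is an added example, not code from the article or from iVerify; the crash records it scans are constructed inline, and the field names (`process`, `os_version`, `exception`) are assumptions about how a crash-log export might be shaped. It compares versions numerically rather than as strings, so that 18.3 correctly falls outside the range and 17.10 inside it.

```python
"""Flag crash records that match the imagent / affected-iOS-range pattern."""
from typing import Dict, List, Tuple

# Version bounds quoted in the article (inclusive on both ends).
AFFECTED_MIN = "17.2.1"
AFFECTED_MAX = "18.1.1"
AFFECTED_PROCESS = "imagent"

# Constructed sample records; the field names are an assumption, not a real export format.
SAMPLE_CRASH_RECORDS: List[Dict[str, str]] = [
    {"device": "dev-A", "process": "imagent",     "os_version": "18.1.1", "exception": "EXC_BAD_ACCESS"},
    {"device": "dev-B", "process": "imagent",     "os_version": "18.3",   "exception": "EXC_BAD_ACCESS"},
    {"device": "dev-C", "process": "SpringBoard", "os_version": "17.5",   "exception": "EXC_CRASH"},
    {"device": "dev-D", "process": "imagent",     "os_version": "17.2.1", "exception": "EXC_BAD_ACCESS"},
    {"device": "dev-E", "process": "imagent",     "os_version": "17.2",   "exception": "EXC_BAD_ACCESS"},
]


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '18.1.1' into (18, 1, 1); a two-part build such as '18.3' becomes (18, 3, 0).

    Tuples compare element-wise, which avoids the string-comparison trap where
    '17.10' would sort before '17.2'.
    """
    parts = [int(p) for p in version.split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {version!r}")
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def in_affected_range(version: str) -> bool:
    """True when the build lies between AFFECTED_MIN and AFFECTED_MAX inclusive."""
    return parse_version(AFFECTED_MIN) <= parse_version(version) <= parse_version(AFFECTED_MAX)


def triage(records: List[Dict[str, str]]) -> Tuple[List[str], float]:
    """Return the device ids worth a closer look and their share of all records.

    A record is flagged when the crashing process is imagent and the iOS build
    falls inside the affected window. The ratio gives the same kind of figure
    the article cites (iVerify saw about 0.0016% across its telemetry).
    """
    flagged = [
        rec["device"]
        for rec in records
        if rec["process"] == AFFECTED_PROCESS and in_affected_range(rec["os_version"])
    ]
    share = len(flagged) / len(records) if records else 0.0
    return flagged, share


if __name__ == "__main__":
    devices, share = triage(SAMPLE_CRASH_RECORDS)
    print(f"flagged devices: {devices}  ({share:.2%} of records)")
```

Run as a script it prints the two constructed devices whose records match (dev-A on 18.1.1 and dev-D on 17.2.1); dev-B is excluded because 18.3 is the fixed build and dev-E because 17.2 predates 17.2.1. A match on this pattern is a reason to look more closely at the device, not proof of exploitation: the article itself notes the crashes may be incidental to some other activity.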
The 18.3 iOS version uses immutable copies of nickname-related dictionaries when processing updates, preventing the race condition from occurring.

Also noted in the crash logs was the rarity of this particular memory corruption error triggered by nickname updates, making up only about 0.0016% of crashes detected in iVerify's telemetry. These rare crashes disproportionately affected high-profile individuals, pointing to potential deliberate exploitation of the flaw in attacks against these individuals.

Further corroborating this theory is the fact that one of the affected individuals, a senior EU government official, received an Apple Threat Notification thirty days after such a crash occurred. Another affected individual noted being physically surveilled and observing other anomalous device behavior around the time of the crash.

iVerify found suspicious modifications to SMS attachment directories about 20 seconds after a crash on one of the affected devices, indicating potential clean-up behavior by a malicious actor. However, the researchers also noted the possibility that these crashes were incidental to a separate exploit chain, such as an attack where multiple messages were sent in quick succession, inadvertently triggering the crash.

At the time of publishing Apple had yet to respond to a request for comment.
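The fix the article describes, processing each update against an immutable copy of the shared dictionaries rather than the live ones, is a general pattern worth seeing in code. The example below is added here and is not Apple's or iVerify's code; it models a nickname store in Python, where mutating a dictionary while another path iterates it raises a `RuntimeError` instead of corrupting memory as the native imagent bug did. The `interleaved_update` callback is a stand-in for a second thread delivering another update mid-processing, used so the demonstration is deterministic; the class and function names are invented for the example.

```python
"""Live-dictionary processing versus processing an immutable snapshot."""
import threading
from types import MappingProxyType
from typing import Callable, Dict, List, Tuple


class UnsafeStore:
    """Processes updates by iterating the live, shared dictionary."""

    def __init__(self) -> None:
        self._entries: Dict[str, str] = {}

    def apply(self, sender: str, nickname: str) -> None:
        self._entries[sender] = nickname

    def render(self, during: Callable[["UnsafeStore"], None]) -> List[str]:
        out = []
        # Iterating the live dict: any concurrent writer that changes its size
        # makes the next iteration step raise RuntimeError.
        for sender, nick in self._entries.items():
            during(self)  # simulated interleaved write arriving mid-processing
            out.append(f"{sender}: {nick}")
        return out


class SnapshotStore:
    """Processes updates against an immutable copy taken under a lock."""

    def __init__(self) -> None:
        self._entries: Dict[str, str] = {}
        self._lock = threading.Lock()

    def apply(self, sender: str, nickname: str) -> None:
        with self._lock:
            self._entries[sender] = nickname

    def snapshot(self) -> MappingProxyType:
        # Copy under the lock, then hand out a read-only view: later writes go
        # to the store, never to the view a reader is iterating.
        with self._lock:
            return MappingProxyType(dict(self._entries))

    def render(self, during: Callable[["SnapshotStore"], None]) -> List[str]:
        view = self.snapshot()
        out = []
        for sender, nick in view.items():
            during(self)  # the write lands in the store, not in `view`
            out.append(f"{sender}: {nick}")
        return out


def interleaved_update(store) -> None:
    """Stand-in for a second thread delivering another nickname update (constructed data)."""
    store.apply("new-sender@example.com", "Late Arrival")


def run_unsafe() -> str:
    """Return the error the live-dictionary design produces when a write interleaves."""
    store = UnsafeStore()
    store.apply("a@example.com", "Alice")
    try:
        store.render(interleaved_update)
    except RuntimeError as exc:
        return str(exc)
    return "no error"


def run_snapshot() -> Tuple[List[str], List[str]]:
    """First render completes on the snapshot; the interleaved write shows up on the next one."""
    store = SnapshotStore()
    store.apply("a@example.com", "Alice")
    first = store.render(interleaved_update)
    second = store.render(interleaved_update)
    return first, second


def snapshot_is_readonly() -> bool:
    """The handed-out view rejects mutation, so no code path can write through it."""
    store = SnapshotStore()
    store.apply("a@example.com", "Alice")
    view = store.snapshot()
    try:
        view["b@example.com"] = "Bob"  # type: ignore[index]
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    print("live dict:", run_unsafe())
    print("snapshot:", run_snapshot())
    print("snapshot read-only:", snapshot_is_readonly())
```

The point of the pattern is that the reader's view and the writer's target are different objects, so the two can never disagree about the structure's contents part-way through an operation. In a managed language the failure mode of the unsafe version is a clean exception; in native code operating on freed or resized storage, it is the memory corruption the article describes, which is why the snapshot-based fix removes the bug class rather than just a symptom.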
