ios-imessage-zero-click-exploit

CVE-2025-31200/31201 - iOS Zero-Click iMessage Exploit Chai...

Apple iMessage Zero-Click Key Theft / Remote Code Execution

This is a strategic public disclosure of a zero-click iMessage exploit chain that was discovered live on iOS 18.2 and remained unpatched through iOS 18.4. It enabled Secure Enclave key theft, wormable remote code execution, and undetectable crypto wallet exfiltration. Despite responsible...

Blasting Past Webp

An analysis of the NSO BLASTPASS iMessage exploit Posted by Ian Beer, Google Project Zero On September 7, 2023 Apple issued an out-of-band security update for iOS: Around the same time on September 7th 2023, Citizen Lab published a blog post linking the two CVEs fixed in iOS 16.6.1 to an "NSO Gro...

PT-2023-4994

Name of the Vulnerable Software and Affected Versions Apple iOS, iPadOS, and macOS versions prior to 16.6.1 Apple macOS Monterey versions prior to 12.6.9 Apple macOS Ventura versions prior to 13.5.2 Apple iOS versions prior to 15.7.9 Apple iPadOS versions prior to 15.7.9 Apple macOS Big Sur...

New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware

A previously unknown advanced persistent threat APT is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root...

A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

Plus: Dozens of reporters get hit by an iMessage exploit, continued fallout from the SolarWinds hack, and more of the week’s top security news...

iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit

Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36...