
iVerify links suspicious crash logs to flaws patched in iOS 18.3
A new report from mobile-forensics specialist iVerify claims that the iPhones of at least five prominent Americans, including former staffers on the 2024 Harris-Walz presidential ticket, show digital fingerprints consistent with a sophisticated “zero-click” spyware campaign. Apple disputes the conclusion, insisting the artifacts relate to “a conventional software bug that we identified and fixed in iOS 18.3.”
While attribution remains uncertain, the discovery once again spotlights how nation-state adversaries are weaponising the wireless layer.
“We’re not waving a smoking gun, but the clustering of rare crash-log patterns on high-value targets is significant and should be shared with the research community,” said Rocky Cole, CEO of iVerify.
iVerify’s Claims about the Possible Hack:
Out of nearly 50,000 iPhones analyzed by the researchers, only six, all linked to politics, AI, or national media, showed the anomalous crash logs.
iVerify believes that threat actors pushed the spyware last year without user interaction.
An undisclosed iMessage flaw is iVerify’s prime suspect. Apple patched this flaw in its iOS 18.3 update.
This update also patched a critical vulnerability in Apple’s Bluetooth implementation that would allow attackers to gain control over the Bluetooth antenna of the device:
“CVE-2024-9956: Passkeys
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may gain unauthorized access to Bluetooth
Description: This is a vulnerability in open source code, and Apple Software is among the affected projects.”
Surge of Targeted Mobile Device Attacks
As we highlighted in our recent blog post, “Wormable Zero-Click Wireless Vulnerabilities Threaten Apple Ecosystem and 3rd-Party IoT Devices,” Apple has faced a sudden surge of ‘in-the-wild’ targeted zero-day attacks against its users in 2025.
2025 Zero-Day Trendline: Apple’s Wireless Blind Spots Keep Widening
| Date (2025) | CVE | Sub-System | Exploit Confirmed in the Wild | Affected Platforms |
| --- | --- | --- | --- | --- |
| Jan 28 | CVE-2025-24085 | CoreMedia | ✅ | iOS / iPadOS / macOS / tvOS / visionOS / watchOS |
| Feb 10 | CVE-2025-24200 | USB Restricted Mode | ✅ | iOS / iPadOS |
| Mar 11 | CVE-2025-24201 | WebKit | ✅ | iOS / iPadOS / Safari |
| Apr 16 | CVE-2025-31200 | CoreAudio | ✅ | iOS / iPadOS / macOS |
| Apr 16 | CVE-2025-31201 | RPAC (Pointer Auth) | ✅ | iOS / iPadOS / macOS |
Targeted Attacks Go Nationwide:
The recent trend in targeted mobile device attacks extends beyond the physical devices themselves, however.
In late 2024, investigators uncovered “Salt Typhoon,” a Chinese-linked group that infiltrated at least nine American telecom carriers, including AT&T, Verizon, Lumen, and several regional backbones, targeting prominent U.S. politicians, including members of the Harris-Walz and Trump-Vance 2024 presidential campaigns. Due to the extent of the attackers’ infiltration of U.S. telecom infrastructure, the FBI issued warnings advising all Americans not to use unencrypted mobile messaging applications or unencrypted voice communication platforms, given Salt Typhoon’s potential access to them.
Patrick Arvidson, a former NSA mobile-security lead who previewed iVerify’s report, warns the trend line for these attacks is headed up and to the right:
“I think that you’re going to see in the coming year, two years, three years, more and more of these kinds of mass-scale incidents.”
Speaking to reporters, Cole himself warned that more of these attacks are likely to come:
“I think it illustrates that mobile compromise is real, not academic or hypothetical, and it’s happening here in the United States in a systematic way.”