The Google Threat Intelligence Group has revealed alarming details about "Coruna," a sophisticated exploit kit targeting iPhones running outdated versions of iOS.
If your iPhone is not yet updated to the latest iOS version, maybe this is the sign to regularly update your software to achieve stronger security protection.
Coruna iOS Exploit
According to findings published on the Google Cloud Blog and supported by mobile security firm iVerify, Coruna combines five full exploit chains and 23 vulnerabilities to compromise devices operating on iOS 13 through iOS 17.2.1.
The attack begins when a user visits a malicious website embedded with hidden JavaScript. The script silently identifies the device model, iOS version, and security configurations before launching a multi-stage exploit.
By chaining multiple vulnerabilities together, Coruna bypasses Apple's built-in protections, escalates system privileges, and installs malware capable of harvesting sensitive data or downloading additional malicious components.
According to 9to5Mac, researchers report that Coruna is engineered to detect whether Apple's Lockdown Mode is enabled. If the feature is active, the exploit immediately terminates. It also fails to function when users browse in private mode and does not impact devices running the latest iOS versions. These safeguards underscore the importance of keeping iPhones updated with current software patches.
Possible Nation-State Origins Raise Concerns
Reverse engineering conducted by iVerify indicates that Coruna shares technical foundations with known U.S. government-developed hacking tools. However, researchers believe the framework may have leaked and is now being leveraged by Russian intelligence actors and cybercriminal groups based in China.
Security analysts describe the campaign as the first confirmed instance of widespread mobile exploitation using tools likely derived from nation-state capabilities.
Watering Hole Attacks Target Crypto Users
Investigators found that Coruna spreads through "watering hole" attacks on compromised websites, including fraudulent cryptocurrency platforms. Once installed, the malware focuses on extracting digital wallet data and recovery phrases, revealing clear financial motives behind the operation.
It's not advisable to delay updating your devices, but some people have their reasons. Some wanted to downgrade because their favorite apps aren't compatible with the latest iOS version. Others want to retain their current iOS update because it's more seamless and easier to navigate.
Either way, there will come a time when we need to keep up with the most recent iOS updates to avoid increased exposure to advanced threats.
Originally published on Tech Times
