๐Ÿ‡ฆ๐Ÿ‡บStalecollected in 14m

Apple Patches 'Coruna' Exploit

Apple Patches 'Coruna' Exploit
PostLinkedIn
๐Ÿ‡ฆ๐Ÿ‡บRead original on iTNews Australia

๐Ÿ’กApple fixed 'Coruna' zero-day in old iOSโ€”patch dev devices ASAP

โšก 30-Second TL;DR

What Changed

'Coruna' exploit now patched by Apple

Why It Matters

Ensures safer environments for iOS app developers, including those building AI features with Core ML. Legacy device users avoid compromise risks.

What To Do Next

Apply the iOS/iPadOS patch to all legacy test devices via Xcode or OTA update.

Who should care:Developers & AI Engineers

๐Ÿง  Deep Insight

Web-grounded analysis with 8 cited sources.

๐Ÿ”‘ Enhanced Key Takeaways

  • โ€ขCoruna exploit kit contains 23 exploits across five chains named Sparrow, Rocket, Photon, Gallium, and an unnamed fifth chain, targeting iOS 13.0 to 17.2.1.[1][2]
  • โ€ขUsed in targeted surveillance attacks by a vendor's customer, Ukrainian watering hole campaigns by UNC6353, and broad-scale attacks by Chinese actor UNC6691.[2]
  • โ€ขIncludes advanced reusable modules like rwx_allocator for RWX memory allocation and kernel PAC bypasses, with some vulnerabilities from Operation Triangulation.[1][6]

๐Ÿ› ๏ธ Technical Deep Dive

  • โ€ขFive exploit chains: Sparrow (CVE-2024-23225, iOS 17.0-17.3), Rocket (CVE-2024-23296, iOS 17.1-17.4), Photon and Gallium reusing Operation Triangulation zero-days.[1][2]
  • โ€ขTechniques include host fingerprinting, CVE-2024-23222 for RCE, ASLR bypass, Safari sandbox escape, PAC bypass on Apple Silicon, kernel exploits like CVE-2023-32434 and CVE-2023-38606.[1][3]
  • โ€ขFramework uses shared utilities, custom loaders, avoids Lockdown Mode/private browsing, delivers WebKit RCE and PAC bypasses, deploys encrypted payloads as .min.js files tailored to chip/iOS version.[2]

๐Ÿ”ฎ Future ImplicationsAI analysis grounded in cited sources

Active market for second-hand iOS zero-days will accelerate exploit reuse by diverse threat actors.
GTIG tracked Coruna's adaptation from surveillance to Ukrainian and Chinese campaigns, indicating thriving trade in advanced exploits.[2]
Legacy iOS devices remain at risk until all owners update to iOS 15.8.7 or 16.7.15.
Updates patch kernel/WebKit flaws like CVE-2023-41974 and CVE-2023-43010 specifically for older hardware unable to run iOS 17+.[3][5]

โณ Timeline

2023-09
iOS 17 patches initial Coruna-related kernel vulnerability (e.g., CVE-2023-41974).
2023-12
Coruna becomes ineffective against iOS 17.2.1+ as patches roll out.
2026-03
Google Threat Intelligence discloses Coruna exploit kit details publicly.
2026-03-11
Apple releases iOS 15.8.7, iOS 16.7.15, iPadOS equivalents targeting Coruna flaws.
2026-03-12
Apple confirms updates address Coruna-associated kernel and WebKit vulnerabilities.
๐Ÿ“ฐ

Weekly AI Recap

Read this week's curated digest of top AI events โ†’

๐Ÿ‘‰Related Updates

AI-curated news aggregator. All content rights belong to original publishers.
Original source: iTNews Australia โ†—