๐ฆ๐บiTNews AustraliaโขStalecollected in 14m
Apple Patches 'Coruna' Exploit

๐กApple fixed 'Coruna' zero-day in old iOSโpatch dev devices ASAP
โก 30-Second TL;DR
What Changed
'Coruna' exploit now patched by Apple
Why It Matters
Ensures safer environments for iOS app developers, including those building AI features with Core ML. Legacy device users avoid compromise risks.
What To Do Next
Apply the iOS/iPadOS patch to all legacy test devices via Xcode or OTA update.
Who should care:Developers & AI Engineers
๐ง Deep Insight
Web-grounded analysis with 8 cited sources.
๐ Enhanced Key Takeaways
- โขCoruna exploit kit contains 23 exploits across five chains named Sparrow, Rocket, Photon, Gallium, and an unnamed fifth chain, targeting iOS 13.0 to 17.2.1.[1][2]
- โขUsed in targeted surveillance attacks by a vendor's customer, Ukrainian watering hole campaigns by UNC6353, and broad-scale attacks by Chinese actor UNC6691.[2]
- โขIncludes advanced reusable modules like rwx_allocator for RWX memory allocation and kernel PAC bypasses, with some vulnerabilities from Operation Triangulation.[1][6]
๐ ๏ธ Technical Deep Dive
- โขFive exploit chains: Sparrow (CVE-2024-23225, iOS 17.0-17.3), Rocket (CVE-2024-23296, iOS 17.1-17.4), Photon and Gallium reusing Operation Triangulation zero-days.[1][2]
- โขTechniques include host fingerprinting, CVE-2024-23222 for RCE, ASLR bypass, Safari sandbox escape, PAC bypass on Apple Silicon, kernel exploits like CVE-2023-32434 and CVE-2023-38606.[1][3]
- โขFramework uses shared utilities, custom loaders, avoids Lockdown Mode/private browsing, delivers WebKit RCE and PAC bypasses, deploys encrypted payloads as .min.js files tailored to chip/iOS version.[2]
๐ฎ Future ImplicationsAI analysis grounded in cited sources
Active market for second-hand iOS zero-days will accelerate exploit reuse by diverse threat actors.
GTIG tracked Coruna's adaptation from surveillance to Ukrainian and Chinese campaigns, indicating thriving trade in advanced exploits.[2]
โณ Timeline
2023-09
iOS 17 patches initial Coruna-related kernel vulnerability (e.g., CVE-2023-41974).
2023-12
Coruna becomes ineffective against iOS 17.2.1+ as patches roll out.
2026-03
Google Threat Intelligence discloses Coruna exploit kit details publicly.
2026-03-11
Apple releases iOS 15.8.7, iOS 16.7.15, iPadOS equivalents targeting Coruna flaws.
2026-03-12
Apple confirms updates address Coruna-associated kernel and WebKit vulnerabilities.
๐ Sources (8)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
- thehackernews.com โ Coruna Ios Exploit Kit Uses 23 Exploits
- securityaffairs.com โ Google Uncovers Coruna Ios Exploit Kit Targeting Ios 13 17 2 1
- appleinsider.com โ Latest Ios 15 Ios 16 Updates Target Coruna Exploit Affecting Older Devices
- gadgets360.com โ Apple Ios 15 Update Older Iphone Coruna Exploit Fixes 11204468
- 9to5mac.com โ Apple Confirms Todays Ios and Ipados Updates for Older Devices Address the Coruna Exploit
- cloud.google.com โ Coruna Powerful Ios Exploit Kit
- esecurityplanet.com โ Coruna Ios Exploit Kit Compromises Thousands of Iphones
- neowin.net โ Apple Releases Ios 1587 and Ios 16715 for Older Devices to Patch the Coruna Exploit
๐ฐ
Weekly AI Recap
Read this week's curated digest of top AI events โ
๐Related Updates
AI-curated news aggregator. All content rights belong to original publishers.
Original source: iTNews Australia โ