Coruna Exploit Endangers iPhones

💡 Elite iPhone exploit Coruna leaks from govts to criminals—patch iOS now or risk data theft.
⚡ 30-Second TL;DR
What Changed
Zero-click compromise via website using 5 exploit chains and 23 vulnerabilities.
Why It Matters
Demonstrates how elite nation-state exploits inevitably leak to mass criminals, undermining global security. Urges universal patching as no hack is safely containable.
What To Do Next
Enable Lockdown Mode on all iOS development devices to block Coruna-like exploits.
🧠 Deep Insight
Web-grounded analysis with 8 cited sources.
🔑 Enhanced Key Takeaways
- Coruna was first observed in February 2025 in use by a customer of a commercial surveillance vendor, with a novel JavaScript framework for device fingerprinting[1][2][3][4].
- In July 2025, it was deployed in watering hole attacks on Ukrainian websites by the suspected Russian espionage group UNC6353[2][3][5].
- By December 2025, it had been repurposed by a China-based financially motivated actor via fake gambling and crypto scam sites[1][3][4][5].
🛠️ Technical Deep Dive
- The kit fingerprints the device to identify the iPhone model and iOS version, automatically selects compatible WebKit vulnerabilities, and bypasses Apple protections such as pointer authentication[2].
- It uses custom encryption and compression for payload delivery, with a binary loader (PlasmaLoader) that installs into system processes[2][4].
- The payload scans images for QR codes, searches text blobs (e.g., Apple Memos) for BIP39 phrases and keywords such as 'backup phrase' or 'bank account', and exfiltrates crypto wallet data from apps like MetaMask and BitKeep[2][4][5].
- Delivery is through a hidden iframe on websites, starting with CVE-2024-23222; the kit combines 23 exploits (some without assigned CVEs) in five chains covering iOS 13.0 to 17.2.1[3][4].
- The framework is well engineered, with obfuscated exploits, inline documentation in native English, and debug versions that reveal the internal name 'Coruna'[3][4][6].
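For fleet triage against the iOS 13.0 to 17.2.1 range stated above, an added example (not from the cited sources or the original article) that sorts a device inventory into patch-priority buckets. The inventory fields `name`, `os_version` and `lockdown_mode`, the bucket names and the sample devices are constructed assumptions.

```python
import re

# Inclusive range the page gives for the five Coruna chains.
AFFECTED_MIN = (13, 0, 0)
AFFECTED_MAX = (17, 2, 1)

def parse_ios_version(text):
    """Return (major, minor, patch), or None if the string is not a version."""
    m = re.fullmatch(r"\s*(?:iOS\s+)?(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*",
                     text or "", re.IGNORECASE)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def triage(device):
    """Classify one inventory record (field names are assumptions)."""
    version = parse_ios_version(device.get("os_version"))
    if version is None:
        return "unknown-version"      # fail closed: needs manual review
    if version < AFFECTED_MIN:
        return "below-range"          # older than the range the page states
    if version > AFFECTED_MAX:
        return "above-range"
    # Inside the stated range: update first; Lockdown Mode is the page's
    # recommended interim control, so track it separately.
    return "in-range-lockdown-on" if device.get("lockdown_mode") else "in-range"

def report(inventory):
    """Group device names by triage bucket."""
    buckets = {}
    for device in inventory:
        buckets.setdefault(triage(device), []).append(device["name"])
    return buckets

# Constructed sample inventory, e.g. rows from an MDM export.
SAMPLE_INVENTORY = [
    {"name": "dev-iphone-01", "os_version": "17.2.1", "lockdown_mode": False},
    {"name": "dev-iphone-02", "os_version": "16.7", "lockdown_mode": True},
    {"name": "qa-iphone-03", "os_version": "iOS 17.3", "lockdown_mode": False},
    {"name": "lab-iphone-04", "os_version": "12.5.7", "lockdown_mode": False},
    {"name": "byod-iphone-05", "os_version": "unknown", "lockdown_mode": False},
]

if __name__ == "__main__":
    for bucket, names in sorted(report(SAMPLE_INVENTORY).items()):
        print(f"{bucket}: {', '.join(names)}")
```

Devices in `in-range` are the first to update; `unknown-version` records need a manual check rather than being assumed safe.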
📎 Sources (8)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
- siliconrepublic.com — Outdated Iphones Vulnerable to New Hacking Tool with Possible US Origins Coruna
- infosecurity-magazine.com — Coruna Exploit Older Iphones
- thehackernews.com — Coruna Ios Exploit Kit Uses 23 Exploits
- cloud.google.com — Coruna Powerful Ios Exploit Kit
- helpnetsecurity.com — Coruna Ios Exploit Kit
- nextgov.com — 411861
- iverify.io — First Known Mass Ios Attack
- askwoody.com — Coruna the Mysterious Journey of a Powerful Ios Exploit Kit
AI-curated news aggregator. All content rights belong to original publishers.
Original source: Computerworld