A newly identified exploit kit targeting Apple devices has raised concerns among cybersecurity researchers after it was found to contain multiple sophisticated vulnerabilities capable of compromising iPhones across a wide range of software versions.
The toolkit, dubbed “Coruna,” targets iPhones running iOS versions from 13.0 through 17.2.1, according to a report published by the Google Threat Intelligence Group
Researchers said the exploit kit includes five full iOS exploit chains and a total of 23 exploits, several of which rely on techniques that were previously unknown to the public.
Exploit chains are combinations of vulnerabilities that attackers use together to bypass security protections and gain deeper access to a device
In this case, the Coruna toolkit appears capable of leveraging multiple vulnerabilities to escalate privileges, potentially allowing attackers to gain control over targeted iPhones.
The researchers noted that some of the exploits used in Coruna had not been publicly documented before the discovery, suggesting that the toolkit may have been developed using advanced vulnerability research
Such capabilities are often associated with sophisticated cyber-espionage operations or commercial spyware tools designed to infiltrate mobile devices.
According to the report, the exploit kit was observed circulating in underground cybercrime markets, where it could potentially be used by malicious actors to launch targeted attacks against individuals, organizations, or high-value targets
Security experts warn that tools with multiple exploit chains significantly increase the likelihood of successful compromise, as attackers can attempt several attack paths if one vulnerability fails.
The findings highlight the ongoing security challenges faced by smartphone manufacturers as attackers continuously search for new vulnerabilities in widely used operating systems
Apple regularly releases software updates and security patches aimed at addressing newly discovered flaws and strengthening the defenses of its devices.
Cybersecurity analysts recommend that iPhone users keep their devices updated with the latest iOS versions and avoid installing software from untrusted sources
Prompt security updates remain one of the most effective ways to protect devices from newly discovered exploits and emerging mobile threats.
Execution-first marketing. Own every Web3 feed with Koinpr.com.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Security Researcher Discloses Cosmos CometBFT 0-day Vulnerability Affecting Over $8B in Assets
Security researcher discloses a critical 0-day in Cosmos CometBFT that could stall block synchronization, potentially impacting over $8 billion in assets and disrupting validators relying on timely confirmations.
GateNews5m ago
Fake Police Impersonators Force French Couple to Transfer Nearly $1M in Bitcoin
Criminals posing as police in France coerced a couple to transfer nearly $1M in Bitcoin, using fear and authority in a 'wrench attack' that exploits people, not wallets.
Abstract: Attackers used impersonation and psychological coercion to force a Bitcoin transfer, illustrating a wrench attack that targets human vulnerability rather than technical wallet exploits.
GateNews1h ago
Armed Robbery Attempt on French Crypto Professional Thwarted; Suspect Arrested
Gate News message, April 21 — A 40-year-old crypto industry professional in Saint-Jean-de-Védas, near Montpellier, France, thwarted an armed robbery attempt at his home. The suspect, disguised as a delivery person, entered the residence and demanded the victim hand over cryptocurrency wallet
GateNews1h ago
KelpDAO $290M Exploit Attributed to North Korea's Lazarus Group
LayerZero attributed a $290 million exploit of KelpDAO's cross-chain rsETH configuration to North Korea's Lazarus Group on April 18, describing the attacker as a "highly-sophisticated state actor." According to LayerZero, the incident was limited to KelpDAO's rsETH setup and did not spread to other
CryptoFrontier2h ago
Fraudsters Posing as Iranian Authorities Demand Bitcoin, USDT Payments from Ships at Strait of Hormuz
Gate News message, April 21 — Scammers impersonating Iranian authorities have targeted shipping companies with vessels stranded west of the Strait of Hormuz, demanding Bitcoin and Tether (USDT) payments in exchange for safe passage, according to maritime risk firm Marisks.
The fraudsters
GateNews2h ago
