Coruna Exploit: US Government-Linked iOS Hack Targets iPhones – Update Now
With its latest updates, Apple has patched virtually all of the remaining iPhones that could be targeted by the Coruna exploit now traded on the black market, provided you update your iPhone.
An exploit potentially developed by the US government has leaked to the black market and has been used to target iPhone users globally. Bad actors who get their hands on the malicious Coruna exploit have modified it to perform other tasks, like draining crypto accounts.
Recent iOS Updates Patch Coruna Vulnerabilities
Apple released iOS 15.8.7 and iOS 16.7.15 updates on Wednesday to directly address the Coruna exploit. The vulnerability was initially patched with iOS 17.2 on December 11, 2023, but the latest updates extend protection to devices as far back as the iPhone 6s.
The exploit leverages weaknesses in Apple’s WebKit engine, which powers Safari and other web browsers on iPhone and iPad. Compromise can occur simply by visiting a link or opening an email containing the exploit.
The iOS 16.7.15 update specifically fixes the WebKit vulnerability identified as CVE-2023-43010. The iOS 15.8.7 update addresses multiple vulnerabilities exploited by Coruna, including CVE-2023-41974 (a kernel vulnerability), CVE-2024-23222, and CVE-2023-43000, in addition to CVE-2023-43010.
Apple also released iPadOS 15.8.7 and iPadOS 16.7.15 to address the same vulnerabilities.
Protect Your iPhone: Update Immediately
To ensure you’re protected, update to the latest available version of iOS for your device. It’s particularly important to inform users of older iPhones about available updates to prevent potential exploitation.
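For anyone responsible for more than one device, the following Python script is an added example (not from Apple or the original article) that checks a device inventory against the patched releases named above. The CSV layout, device names and status labels are assumptions, and the sample rows are constructed.

```python
# Added example: thresholds are the versions named in the article.
# The inventory rows below are constructed sample data, not real devices.
import csv
import io

# First patched release per major branch, as stated in the article.
PATCHED_FLOOR = {15: (15, 8, 7), 16: (16, 7, 15), 17: (17, 2, 0)}

SAMPLE_INVENTORY = """device,os_version
iphone-6s-lobby,15.8.6
iphone-8-warehouse,16.7.15
iphone-x-field,16.7.12
iphone-13-sales,17.1.2
iphone-15-exec,17.2
ipad-5-kiosk,15.8.7
iphone-6-legacy,12.5.7
iphone-se-bad,unknown
"""

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a dotted version."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(version_text):
    """Classify one iOS/iPadOS version string against the patched releases."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    major = v[0]
    if major > max(PATCHED_FLOOR):
        return "patched"        # assumption: releases after 17.x include the 17.2 fix
    if major not in PATCHED_FLOOR:
        return "no-fix-listed"  # the article names no patched release for this branch
    return "patched" if v >= PATCHED_FLOOR[major] else "needs-update"

def audit(inventory_csv):
    """Map device name -> status for each row of a device,os_version CSV."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["device"]: classify(r["os_version"]) for r in rows}

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device:22} {status}")
```

Devices reported as no-fix-listed or unparseable need manual review, since the article names patched releases only for the 15.x, 16.x and 17.x branches.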
Coruna’s Origins and Sophistication
Coruna is derived from a highly sophisticated toolset originally developed by a state actor. While widespread targeting isn’t likely, staying up-to-date with security patches remains a crucial security practice.
Researchers have linked the exploit kit to Operation Triangulation, which Russian cybersecurity firm Kaspersky attributed to the U.S. Government in 2023 [Cyberscoop]. The NSA declined to comment on the allegation.
The exploit kit’s origins are traced back to a leaked U.S. Government framework [Cybernews], and it has been observed in attacks by Chinese cybercriminals and Russian espionage operations [Cyberscoop].
A former L3Harris executive was recently sentenced to prison for selling zero-day exploits to a Russian broker, highlighting the market for these types of vulnerabilities [Cyberscoop].
Key Takeaways
- The Coruna exploit, potentially originating from a US government framework, is being used to target iPhones.
- Updating to the latest iOS version (iOS 15.8.7, 16.7.15, or later) is critical to protect against this exploit.
- The exploit targets vulnerabilities in the WebKit engine, making users susceptible through malicious links and emails.
- The sophistication of Coruna highlights the proliferation of advanced exploitation techniques.