Home / Technology / Skipping iPhone Updates? 'Coruna' Shows the Risk
Skipping iPhone Updates? 'Coruna' Shows the Risk
4 Mar
Summary
- Coruna exploit kit uses 23 hacking techniques against iPhones.
- It targets vulnerabilities in iOS 13.0 to 17.2.1 versions.
- PlasmaLoader payload aims to steal financial data from iPhones.
A significant cybersecurity threat, known as the 'Coruna' exploit kit, has been revealed, highlighting the risks of not updating iPhones. Researchers discovered this tool utilizes 23 distinct hacking techniques to remotely compromise vulnerable iPhones. Coruna exploits vulnerabilities found in iOS versions from 13.0, released in September 2019, up to 17.2.1, which became available in December 2023. These versions are now considered outdated as Apple has since released iOS 26.
Multiple actors have been observed using Coruna. In February 2025, a customer of a surveillance vendor was identified using the kit. Later, in July, a suspected Russian espionage group weaponized Coruna over compromised Ukrainian websites, targeting select iPhones in specific geolocations. Most recently, in December, a financially motivated Chinese hacking group employed Coruna on websites, including fake cryptocurrency exchanges, indiscriminately attacking iOS users.
