Home / Technology / Skipping iPhone Updates? 'Coruna' Shows the Risk
Skipping iPhone Updates? 'Coruna' Shows the Risk
4 Mar
Summary
- Coruna exploit kit uses 23 hacking techniques against iPhones.
- It targets vulnerabilities in iOS 13.0 to 17.2.1 versions.
- PlasmaLoader payload aims to steal financial data from iPhones.
A significant cybersecurity threat, known as the 'Coruna' exploit kit, has been revealed, highlighting the risks of not updating iPhones. Researchers discovered this tool utilizes 23 distinct hacking techniques to remotely compromise vulnerable iPhones. Coruna exploits vulnerabilities found in iOS versions from 13.0, released in September 2019, up to 17.2.1, which became available in December 2023. These versions are now considered outdated as Apple has since released iOS 26.
Multiple actors have been observed using Coruna. In February 2025, a customer of a surveillance vendor was identified using the kit. Later, in July, a suspected Russian espionage group weaponized Coruna over compromised Ukrainian websites, targeting select iPhones in specific geolocations. Most recently, in December, a financially motivated Chinese hacking group employed Coruna on websites, including fake cryptocurrency exchanges, indiscriminately attacking iOS users.
The development and sale of Coruna by a well-funded spyware vendor is a strong possibility, leading to its widespread proliferation. The kit employs non-public exploitation techniques, some of which bypass existing security measures. While 11 exploits lack official CVE IDs and five non-public exploits' patch status is unknown, these attacks primarily target older iOS versions. The kit's payload, PlasmaLoader, operates covertly with root access, capable of running additional modules and extracting text snippets, potentially for financial data theft.
Security vendor iVerify also linked Coruna to a Chinese web domain, noting its ability to execute one-tap attacks and target vulnerabilities in Apple's Safari browser. While not typical for nation-state attacks, its widespread infection of potentially tens of thousands of Chinese users is a concern, as an estimated 5% of iPhone users still run vulnerable iOS versions. Apple has not commented, but security experts urge users to update to the latest iOS version or enable Lockdown Mode for protection.
