Home / Technology / Critical iOS Flaws Exploited in Global Hacking Campaigns
Critical iOS Flaws Exploited in Global Hacking Campaigns
7 Mar
Summary
- Federal agencies ordered to patch critical iOS vulnerabilities.
- Advanced hacking kit named Coruna used in exploitation.
- Vulnerabilities exploited over 10 months by three distinct groups.
The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that all federal agencies must patch three critical iOS vulnerabilities. These flaws were exploited in hacking campaigns over a 10-month span by three separate threat actor groups. The campaigns came to light through a report detailing an advanced hacking kit named Coruna, which consolidated 23 iOS exploits into potent exploit chains.
While some vulnerabilities had been previously patched, Coruna's sophisticated exploit code remained a significant threat to older iOS versions. CISA has added these vulnerabilities to its known exploited vulnerabilities catalog, requiring immediate patching for iOS versions 13 through 17.2.1. The agency has also advised all organizations to implement these security updates.
Coruna's capabilities include an innovative JavaScript framework designed to evade detection and a fingerprinting module. It was used by a surveillance vendor's customer, a suspected Russian espionage group targeting Ukrainian interests, and a Chinese financially motivated actor. This proliferation suggests an active market for previously discovered zero-day exploits.
