Coruna iOS Exploit Kit Targets iOS 13–17.2.1 with 23 Exploits

Timeline

1. 04.03.2026 15:28 1 articles · 4h ago

   Coruna Exploit Kit Used in Multiple Campaigns by Various Threat Actors

   The Coruna exploit kit, first observed in February 2025, has been used by multiple threat actors, including government-backed groups and financially motivated actors. The kit was detected on compromised Ukrainian websites in July 2025 and on fake Chinese websites in December 2025. The kit leverages vulnerabilities in WebKit and other components, some of which were patched by Apple but remained undocumented until later. The kit is designed to fingerprint devices and deliver appropriate exploits based on the iOS version and avoids execution on devices in Lockdown Mode or private browsing. The Coruna exploit kit marks a shift from targeted spyware attacks to broader exploitation of iOS devices.

   Show sources

   • Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 — thehackernews.com — 04.03.2026 15:28

   Open in new tab

Information Snippets

• The Coruna exploit kit targets iOS versions 13.0 to 17.2.1 and includes five full exploit chains and 23 exploits.

  First reported: 04.03.2026 15:28
  1 source, 1 article
  Show sources

  • Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 — thehackernews.com — 04.03.2026 15:28

• The kit uses non-public exploitation techniques and mitigation bypasses.

  First reported: 04.03.2026 15:28
  1 source, 1 article
  Show sources

  • Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 — thehackernews.com — 04.03.2026 15:28

• The exploit kit has been used by multiple threat actors, including government-backed groups and financially motivated actors.

  First reported: 04.03.2026 15:28
  1 source, 1 article
  Show sources

  • Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 — thehackernews.com — 04.03.2026 15:28

• The kit was first observed in February 2025 and has since been linked to campaigns involving Russian and Chinese actors.

  First reported: 04.03.2026 15:28
  1 source, 1 article
  Show sources

  • Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 — thehackernews.com — 04.03.2026 15:28

• The exploit kit leverages vulnerabilities in WebKit and other components, some of which were patched by Apple but remained undocumented until later.

  First reported: 04.03.2026 15:28
  1 source, 1 article
  Show sources

  • Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 — thehackernews.com — 04.03.2026 15:28

• The kit is designed to fingerprint devices and deliver appropriate exploits based on the iOS version.

  First reported: 04.03.2026 15:28
  1 source, 1 article
  Show sources

  • Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 — thehackernews.com — 04.03.2026 15:28

• The kit avoids execution on devices in Lockdown Mode or private browsing.

  First reported: 04.03.2026 15:28
  1 source, 1 article
  Show sources

  • Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 — thehackernews.com — 04.03.2026 15:28

• The Coruna exploit kit marks a shift from targeted spyware attacks to broader exploitation of iOS devices.

  First reported: 04.03.2026 15:28
  1 source, 1 article
  Show sources

  • Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 — thehackernews.com — 04.03.2026 15:28