Coruna iOS exploit analysis ties updated Triangulation kernel exploit lineage
Technical Analysis
Summary
Hide ▲
Show ▼
Coruna has been linked to an updated exploit lineage from Operation Triangulation, showing that a long-running iPhone attack framework continues to evolve and can still threaten modern Apple hardware. The kit now targets A17 and M3 chips and supports iOS up to 17.2, expanding the exposed device set. It contains five iOS exploit chains across 23 vulnerabilities, including CVE-2023-32434 and CVE-2023-38606. The analysis matters because it maps the attack flow, version gating, and payload-loading stages that defenders can use to understand exposure.
Related Happenings
Apple iOS, macOS, and Safari security updates (multiple vulnerabilities)
Security Patch Release
H score33
First: 30.06.2026 10:15
Last: 30.06.2026 10:15
Sources 1
About this happening:
**Apple** released security updates for **iOS**, **macOS**, and **Safari** that fix **over three dozen flaws**, including **four WebKit vulnerabilities**. The update bundle covers...
Apple iOS, macOS, and Safari security updates (multiple vulnerabilities)
Security Patch ReleaseAbout this happening: **Apple** released security updates for **iOS**, **macOS**, and **Safari** that fix **over three dozen flaws**, including **four WebKit vulnerabilities**. The update bundle covers...
Apple A12/A13 SecureROM USB DMA underflow with public usbliter8 exploit security flaw
Vulnerability
H score0
First: 19.06.2026 21:37
Last: 19.06.2026 21:37
Sources 1
About this happening:
A public **usbliter8** exploit now reaches **arbitrary code execution** in Apple's **SecureROM**, exposing an **unpatchable USB DMA underflow flaw** across **A12, A13, S4, and S5*...
Apple A12/A13 SecureROM USB DMA underflow with public usbliter8 exploit security flaw
VulnerabilityAbout this happening: A public **usbliter8** exploit now reaches **arbitrary code execution** in Apple's **SecureROM**, exposing an **unpatchable USB DMA underflow flaw** across **A12, A13, S4, and S5*...
Beats Studio Buds Bluetooth BR/EDR missing-authentication security flaw (multiple vulnerabilities)
Vulnerability
H score24
First: 18.06.2026 15:23
Last: 18.06.2026 15:23
Sources 1
About this happening:
**Beats Studio Buds** are affected by **CVE-2025-20701**, a **missing-authentication** flaw in **Airoha system-on-a-chip (SoCs)** and the **Bluetooth BR/EDR radio** that can let a...
Beats Studio Buds Bluetooth BR/EDR missing-authentication security flaw (multiple vulnerabilities)
VulnerabilityAbout this happening: **Beats Studio Buds** are affected by **CVE-2025-20701**, a **missing-authentication** flaw in **Airoha system-on-a-chip (SoCs)** and the **Bluetooth BR/EDR radio** that can let a...
Apple security patch release for CVE-2025-20701
Security Patch Release
H score29
First: 18.06.2026 15:23
Last: 18.06.2026 15:23
Sources 1
About this happening:
Apple released **Beats Firmware Update 1B211** for **Beats Studio Buds** to fix **CVE-2025-20701**, closing a Bluetooth flaw that could let nearby attackers spy on conversations....
Apple security patch release for CVE-2025-20701
Security Patch ReleaseAbout this happening: Apple released **Beats Firmware Update 1B211** for **Beats Studio Buds** to fix **CVE-2025-20701**, closing a Bluetooth flaw that could let nearby attackers spy on conversations....
Apple Passwords app and Safari add Apple Intelligence-powered automatic password repair
Security Tool/Service
H score10
First: 09.06.2026 00:03
Last: 09.06.2026 00:03
Sources 1
About this happening:
**Apple Passwords app** and **Safari** are adding an **Apple Intelligence** feature that can automatically repair weak or compromised passwords, reducing password-hygiene risk for...
Apple Passwords app and Safari add Apple Intelligence-powered automatic password repair
Security Tool/ServiceAbout this happening: **Apple Passwords app** and **Safari** are adding an **Apple Intelligence** feature that can automatically repair weak or compromised passwords, reducing password-hygiene risk for...
Timeline
-
26.03.2026 15:10 2 articles · 3mo ago
Kaspersky links Coruna to updated Operation Triangulation framework
Technical Analysis UpdateKaspersky identifies Coruna as a maintained successor to the Operation Triangulation iPhone exploit framework, linking CVE-2023-32434 and CVE-2023-38606 to an updated kernel exploit and describing a Safari-based chain that fingerprints the device, selects RCE and PAC exploits, retrieves encrypted metadata, and loads additional components to deploy a spyware implant on Apple hardware up to iOS 17.2.
Show sources
- Coruna iOS exploit framework linked to Triangulation attacks — www.bleepingcomputer.com — 26.03.2026 15:10
- Coruna iOS exploit framework linked to Triangulation attacks — www.bleepingcomputer.com — 26.03.2026 15:10