A newly identified collection of 23 previously undocumented exploits, known as “Coruna,” is actively targeting Apple iOS devices across multiple campaigns. Deployed by several distinct threat actors, these exploits are being used in both targeted espionage operations and financially motivated attacks. The emerging threat poses a serious risk to iOS users, as these exploits have gone largely undetected by conventional security defenses.
Coruna is a Previously Undocumented Set of 23 iOS Exploits
The Coruna exploit set consists of 23 individual, undocumented exploits that collectively represent a significant escalation in the iOS threat landscape. Targeting both governmental entities and private individuals, the Coruna framework leverages vulnerabilities spanning multiple versions of Apple’s iOS operating system. Each exploit within the set is specifically engineered to bypass the security measures built into Apple’s platform, allowing threat actors to operate beneath the radar of many traditional security tools used to protect end users.
The Range of Attacks Driven by Coruna Exploits
- Espionage Tactics : Government and diplomatic communications have been among the targets, indicating that Coruna’s capabilities extend to infiltrating secured channels used by high-value institutional targets.
- Financial Crimes : Threat actors are also using Coruna for financially motivated operations, leveraging capabilities such as data interception and unauthorized access to financial systems to generate substantial illicit gains.
Multiple Threat Actors Have Deployed Coruna in Targeted Campaigns
Several threat actors, some with established histories of conducting sophisticated cyberattacks, have been observed deploying Coruna across high-stakes campaigns. The diversity in how the exploit set has been used across different attack scenarios points to its versatility and adaptability. This broad applicability makes Coruna particularly attractive to actors pursuing both intelligence collection and financial theft, raising serious concerns about its continued use and potential expansion to new targets.
Coruna Demands Immediate Attention from the iOS Security Community
The discovery of Coruna serves as a direct reminder that even widely trusted platforms such as iOS remain vulnerable to advanced and persistent cyber threats. Users and organizations that depend on iOS devices need to reassess their current security posture and adopt updated defensive measures. With exploits of this sophistication operating undetected across multiple campaigns, reactive security practices are no longer sufficient.
The deployment of Coruna in both espionage and financially motivated schemes makes it one of the more consequential iOS threat sets uncovered in recent memory, and the cybersecurity community is urged to treat its emergence with the urgency it warrants.
