Cybersecurity researchers have issued a warning about a sophisticated exploit kit capable of attacking millions of Apple iPhone devices running older versions of iOS. The toolkit, named Coruna, contains multiple exploit chains designed to compromise iPhones running versions from iOS 13 up to iOS 17.2.1.
Security analysts from Google Threat Intelligence Group reported that the toolkit includes five complete exploit chains and more than twenty vulnerabilities that can be used together to break through Apple’s mobile security protections.
Researchers say the most advanced exploits in the kit use complex techniques to bypass built-in protections in Apple’s operating system. These techniques allow attackers to execute malicious code on targeted devices.
Investigators traced one of the exploit chains to a previously discovered WebKit vulnerability tracked as CVE-2024-23222. The flaw allowed attackers to run remote code on vulnerable iPhones through specially crafted web content.
The vulnerability had earlier been patched by Apple in iOS 17.3, but researchers say the exploit toolkit continued to target devices that had not yet installed the security update.
According to the investigation, the exploit infrastructure was hosted on malicious servers and distributed through compromised websites. Several infected websites were discovered serving hidden scripts that delivered the exploit chain only to selected iPhone users based on their geographic location.
Security researchers believe the toolkit was initially used by surveillance-industry customers but later appeared in campaigns linked to advanced threat actors operating from Russia and China. Some attacks reportedly targeted industrial equipment platforms and cryptocurrency-related services.
Mobile security firm iVerify described the toolkit as a major example of surveillance-grade exploit technology spreading beyond specialized vendors and becoming accessible to a wider range of cyber actors.
Experts warn that exploit frameworks like Coruna increase the risk of large-scale attacks against mobile users if vulnerabilities remain unpatched. Users are advised to keep their iPhones updated to the latest iOS version and avoid visiting suspicious websites that may attempt to deliver malicious code.