Coruna Exploit Framework Compromises iPhone Devices Running on Outdated iOS Versions

Google's security researchers have made a significant discovery in the realm of mobile device security. A sophisticated exploitation framework, dubbed Coruna, has been found to target iPhone devices running on iOS versions 13 to 17.2.1. The framework is designed to compromise these devices by exploiting WebKit browser vulnerabilities and delivering malicious code that steals cryptocurrency wallet credentials and other valuable financial data.

The Coruna framework has been linked to various threat actors, including UNC6353, a group suspected of conducting Russian intelligence operations. Google's research suggests that the same exploitation toolkit was used in watering-hole compromises aimed at Ukrainian internet users. Furthermore, the framework has also been observed operating across extensive networks of deceptive Chinese financial platforms.

According to Google's technical analysis, the Coruna framework encompasses five complete exploitation sequences utilizing twenty-three distinct security vulnerabilities. The toolkit successfully compromises iPhone devices operating any firmware version between iOS 13 and iOS 17.2.1. Notably, attackers deliberately avoid compromising devices with Lockdown Mode enabled or during private browsing sessions.