{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihgqbrw7yz3eq2nywraddfgo72o3l5fhxba23727ig356nqesbv54",
    "uri": "at://did:plc:ei7bjz4znfapbhkcszctjjd6/app.bsky.feed.post/3mge2atnubmq2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreihcyabozegtew4rmrk4ec2hzwzvtkgco26m6dlmnabxlf4gpnlpgy"
    },
    "mimeType": "image/jpeg",
    "size": 234215
  },
  "path": "/article/4141237/the-coruna-exploit-why-iphone-users-should-be-concerned.html",
  "publishedAt": "2026-03-05T19:14:38.000Z",
  "site": "https://www.computerworld.com",
  "tags": [
    "Endpoint Protection, iOS Security, iPhone, Mobile, Mobile Phones, Mobile Security, Security, Smartphones",
    "Threat Intelligence Group",
    "iVerify",
    "Wired",
    "not yet running iOS 26",
    "high-value attacks",
    "doubled its available security bounty",
    "Memory Integrity Enforcement"
  ],
  "textContent": "A new iPhone-hacking exploit has exposed the uncomfortable truth that when governments build offensive attacks, they eventually come for all of us.\n\nRevealed by Google’s Threat Intelligence Group (GTIG) and iVerify, the Coruna exploit can compromise iPhones running iOS 13 through to iOS 17.2.1, though Apple has secured its systems against this threat in iOS 26.\n\n## **What Coruna does**\n\nCoruna is dangerous and can hijack any iOS device simply when a user visits a website. Its existence is a perfect illustration of how weaponized hacking tools do nothing to make us safer, and everything to make people more insecure.\n\nCoruna can steal data and cryptocurrency information, expose personal information, and more. Once a device is hacked, the exploit installs software with root access that can run additional modules and collect text snippets from the device.\n\nIt’s a complex set of tools that includes five exploit chains and 23 vulnerabilities that seem to have been designed to infiltrate devices and exfiltrate sensitive data. Everything about the kit screams of it being built by a highly resourced nation-state hacking organization.\n\nIt’s so sophisticated it even recognizes when a device is in Lockdown Mode, at which point it ceases its attack.\n\n## **Made in the USA?**\n\nThe code is polished, the tools comprehensive, and it uses exploitation methods and security avoidance tricks the team hadn’t come across before. That’s why it looks like a well-financed exploit, one that first appeared in use by surveillance-as-a-service mercenary firms, later by a Russian espionage group, then by a Chinese group. 
Wired warns that it “may have been originally created by a US contractor and sold to the American government.”\n\nIn other words, it’s a perfect illustration of how highly sophisticated attacks developed for nation-state use can, do, and indeed already are falling into the hands of criminals.\n\nThe experts at iVerify who also studied the exploit warn: “Coruna is one of the most significant examples we’ve observed of sophisticated spyware-grade capabilities proliferating from commercial surveillance vendors into the hands of nation-state actors and ultimately mass-scale criminal operations.”\n\nThe attack really demonstrates that the only way we can effectively protect our digital world is to ensure that everyone in that world is as safe as everybody else.\n\nThere’s no such thing as a safe hack, no such thing as a controllable zero-day attack, no such thing as a safe backdoor.\n\n## **There are no safe back doors**\n\nWhen it comes to Coruna, experts warn that thousands, perhaps tens of thousands, of iPhones might already have fallen victim since it is so effective and already so widely proliferated. That’s a particular threat given that 26% of all iPhones introduced since 2022 are not yet running iOS 26, which means they aren’t yet protected against the attack.\n\n“The mobile threat landscape is not standing still, and the tools once reserved for targeting heads of state are now being deployed against ordinary iPhone users,” iVerify warned.\n\nThis was inevitable. Sophisticated attacking tools used by state hackers or those adjacent to those hackers will always slip into wider use eventually; even the NSO Group’s earliest Pegasus software exploits are allegedly now available for sale on the dark web.\n\nThose high-value attacks were originally used against human rights activists and journalists in the Middle East and Europe. 
While such exploits are usually described as being so sophisticated and costly to launch that most of us need not fear them, the truth is that when those attacks proliferate, they do threaten everyone.\n\n## **Come together**\n\nWe know Apple is attempting to stay ahead in the security race. It doubled its available security bounty just last year, and its recently introduced Memory Integrity Enforcement (MIE) protection should help secure its platforms against attacks of this kind.\n\nBut security protection is never perfect, humans remain the weakest link, and ordinary users seem increasingly likely to be exposed to sophisticated attacks as they reach down the food chain.\n\nCoruna may have been in use for years. But if you care about security, whoever it was who first built these attacks should have decided to report the vulnerability to Apple, not weaponize it to make a buck. If we work together, we make things safer. If we fail to find some way to get along, then no one will be safe — to the detriment of all.",
  "title": "The Coruna exploit: Why iPhone users should be concerned"
}