Last Update: 04/05/2026 at 2:50 PM EST
Leaked iPhone Exploits Reach Criminals
Coverage from Schneier on Security, BleepingComputer, and others
Articles
4
Latest Article
04/02
Active Days
31
Executive Summary
Google and other researchers say a sophisticated iPhone exploit kit leaked from government use is now being reused by criminals and state-linked actors
- Google said Coruna can silently install malware after a malicious website visit
- The toolkit uses five exploit chains built from 23 iOS vulnerabilities
- Researchers linked Coruna to Operation Triangulation and modern Apple hardware
- Coruna targets iPhones running iOS 13 through 17.2.1 and some newer devices
- Evidence suggests the code spread from government use into Russian and Chinese actor activity
- Apple issued updates for newly uncovered flaws and emergency fixes for older devices
Quick Facts
- What: A leaked iPhone exploit kit used for silent device compromise
- Where: Targeting iPhones and iPads across multiple countries
- Why: To bypass defenses, install malware, and steal data
- Who: Google, Kaspersky, iVerify, Apple and threat actors
- When: Identified in February 2025 and reported this month
Coverage Timeline: 31 Days
Featured Article
Google researchers reported Coruna, an iPhone hacking toolkit using 23 iOS vulnerabilities to silently install malware after malicious website visits.
Additional Articles
⭐⭐⭐
Kaspersky researchers analyzed Coruna, an iOS exploit kit targeting Apple hardware through iOS 17.2, and found an evolution of Operation Triangulation with Apple security updates issued.
Researchers linked a DarkSword iOS hacking campaign to a GitHub leak, while Apple issued a March 11 emergency update for impacted iPhone and iPad models.
⭐️⭐️
Google researchers identified Coruna exploit kit in February 2025, revealing leakage from government use into criminal actors affecting iPhone users across Ukraine, Russia, and China.