Google Discovers Sophisticated iPhone Exploit Suite in Global Circulation
Google has identified a "powerful" collection of hacking tools specifically designed to infiltrate Apple iPhones. This suite of exploits, known within cybersecurity circles as 'Coruna', has been actively distributed across various online platforms used for cyber attacks. According to Google's detailed analysis, the tools have been utilised by a diverse range of actors, from state-sponsored government entities to organised financial criminals seeking to steal money from unsuspecting victims.
How the 'Coruna' Exploit Operates
The attack methodology is alarmingly straightforward for such a potent threat. It initiates simply by a user clicking on a malicious link, often disguised within legitimate-looking content. Once this initial action is taken, the Coruna tools deploy a complex chain of exploits designed to bypass the iPhone's built-in security defences. This allows attackers to gain access to core, sensitive areas of the device.
Technical researchers note that the exploit framework can be triggered through five distinct initial infection vectors. It leverages a staggering 23 different software vulnerabilities, cleverly chained together, to achieve a successful compromise of the device. The sheer number of flaws exploited highlights the tool's sophistication and the significant challenge it poses to device security.
Origins and Global Distribution of the Hack
The precise origin of the Coruna exploit suite remains shrouded in mystery, with Google's own researchers describing the attack's beginnings as enigmatic. However, mobile security firm iVerify has presented evidence suggesting a potential origin as a tool developed for United States government operations, which was subsequently leaked into the wider cybercriminal ecosystem.
Regardless of its genesis, Google confirms the tools have since been widely circulated among attackers worldwide. This circulation indicates the existence of a vibrant and active marketplace for second-hand or repurposed cyber exploits. The suite has been deployed in suspected state-level cyber operations, including attacks targeting users in Ukraine, as well as by criminal groups based in China focused on financial theft through scams.
Discovery Timeline and Targeted Platforms
Security analysts first detected the Coruna exploit in February 2025. Since its initial discovery, it has been found embedded on a variety of websites. A significant concentration was identified on Chinese-language websites, many with a primary focus on finance and banking topics. These sites were crafted to lure visitors into clicking harmful links that would deliver the exploit payload to their iPhones.
Affected Devices and Protective Measures
The vulnerability impacts iPhones running iOS versions 13 through to 17.2.1. The iOS 17.2.1 update was originally released by Apple in December 2023, meaning a broad range of devices operating on software up to that point are potentially at risk. The primary and most effective defence against this sophisticated threat is straightforward: users must ensure their Apple devices are updated to the latest available iOS software version. Apple's subsequent security patches address the vulnerabilities chained by the Coruna exploit, thereby neutralising this specific attack vector.
