Ethical Hacking News
Advanced hacking groups have been exploiting critical iOS vulnerabilities using a powerful exploit kit called Coruna. CISA has warned federal agencies to patch three vulnerabilities targeted in the kit, which can bypass security measures and pose significant risks to organizations.
The Cybersecurity and Infrastructure Security Agency (CISA) has warned federal agencies to patch three critical iOS vulnerabilities. The Coruna exploit kit combines 23 separate iOS exploits into five potent exploit chains, making it difficult to detect and reverse-engineer. The vulnerabilities targeted by Coruna have been used by three distinct hacking groups: a suspected Russian espionage group, a financially motivated threat actor from China, and another unknown entity. Only three of the targeted vulnerabilities (CVE-2021-30952, CVE-2023-41974, and CVE-2023-43000) have been added to CISA's catalog, which instructs federal agencies to patch them. The exploits work on iOS versions 13 through 17.2.1 and not on versions beyond 17.2.1; even older versions are vulnerable.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to federal agencies, instructing them to patch three critical iOS vulnerabilities that were exploited by advanced hacking groups over the past 10 months. The vulnerabilities were found in an advanced hacking kit called Coruna, which was developed by multiple threat actors who acquired exploits from various sources.
The Coruna exploit kit is a powerful tool that combines 23 separate iOS exploits into five potent exploit chains. Each chain targets different versions of iOS and can bypass various security measures, including pointer authentication codes (PAC). The kit uses non-public exploitation techniques and mitigation bypasses, making it difficult to detect and reverse-engineer.
Google researchers first detected the use of Coruna in February last year, when a customer of a surveillance vendor exploited a previously patched vulnerability. Since then, the exploit kit has been used by three distinct hacking groups: a suspected Russian espionage group, a financially motivated threat actor from China, and another unknown entity.
The vulnerabilities targeted in the Coruna exploit kit include CVE-2021-30952 (Apple Multiple Products Integer Overflow or Wraparound Vulnerability), CVE-2023-41974 (Apple iOS and iPadOS Use-After-Free Vulnerability), and CVE-2023-43000 (Apple Multiple Products Use-After-Free Vulnerability). CISA has added only these three to its catalog, instructing federal agencies to patch them.
The exploits work on iOS versions 13 through 17.2.1; versions beyond 17.2.1 are excluded. However, the agency warns that even older versions are vulnerable, and organizations should apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
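For teams that need to act on that version range, the following added example (not from the original article or from CISA) sorts a device inventory into the range stated above. The device IDs, version strings and bucket names are constructed for illustration; a version outside the range says nothing about other flaws.

```python
import re

# Range stated in the article: iOS 13 through 17.2.1, inclusive.
RANGE_LOW = (13, 0, 0)
RANGE_HIGH = (17, 2, 1)

_VERSION_RE = re.compile(
    r"^\s*(?:iOS|iPadOS)?\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*$", re.I)

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a plain version."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(version_text):
    v = parse_version(version_text)
    if v is None:
        return "unknown"      # unparseable value: needs manual review
    if v < RANGE_LOW:
        return "older"        # below 13: the article says older versions are vulnerable too
    if v <= RANGE_HIGH:
        return "in_range"     # inside the 13 to 17.2.1 range
    return "above_range"

def triage(inventory):
    """Group device IDs by classification, preserving input order."""
    result = {"in_range": [], "older": [], "above_range": [], "unknown": []}
    for device_id, version_text in inventory:
        result[classify(version_text)].append(device_id)
    return result

# Constructed sample inventory (hypothetical IDs), shaped like an MDM export.
SAMPLE_INVENTORY = [
    ("ipad-001", "iPadOS 16.7"),
    ("iphone-002", "17.2.1"),
    ("iphone-003", "17.10"),   # constructed: numeric compare puts 17.10 above 17.2.1
    ("iphone-004", "12.5.7"),
    ("iphone-005", "17.3"),
    ("iphone-006", "beta-build"),
    ("iphone-007", "13"),
]

if __name__ == "__main__":
    for bucket, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(devices) or '-'}")
```

Comparing parsed tuples rather than raw strings matters here: a string comparison would sort "17.10" below "17.2.1" and wrongly place it inside the range.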
"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA stated in its report.
The long-term impact of Coruna on the cybersecurity landscape remains unclear. However, it highlights the ongoing threat posed by advanced hacking groups and the need for vigilance from organizations across various sectors.
Published: Fri Mar 6 15:21:14 2026 by llama3.2 3B Q4_K_M