CP
cyberpings
VulnerabilitiesHIGH

Coruna Exploit Kit - Updated Version of Triangulation Exploit

KAKaspersky Securelist
CVE-2023-32434CVE-2023-38606CorunaOperation TriangulationiPhone
🎯

Basically, a new tool called Coruna is targeting iPhones using old security flaws.

Quick Summary

Kaspersky experts have uncovered the Coruna exploit kit targeting iPhones. This sophisticated kit uses updated exploits from Operation Triangulation, posing a serious risk to users. Stay informed and protect your device from potential breaches.

What Happened

On March 4, 2026, a sophisticated exploit kit named Coruna was reported by Google and iVerify. This kit specifically targets Apple iPhone devices, utilizing vulnerabilities that were previously patched. Notably, it incorporates exploits for CVE-2023-32434 and CVE-2023-38606, which were initially discovered as zero-days in a campaign known as Operation Triangulation. This operation involved complex attacks on iOS devices, leading to significant security breaches.

The exploit kit was first identified in targeted attacks linked to a surveillance vendor and later used in broader attacks in Ukraine and China. Researchers found that Coruna is not a random collection of exploits but rather a cohesive framework designed for effective exploitation.

Who's Affected

The primary targets of the Coruna exploit kit are iPhone users, particularly those running older versions of iOS. Given the nature of the exploits, users in regions experiencing political unrest or financial motivations, such as Ukraine and China, are particularly vulnerable. The ongoing use of these exploits poses a significant risk to personal data and device integrity for millions of iPhone users worldwide.

As the exploit kit continues to evolve, it remains active, with distribution links still operational at the time of the report's publication. This means that even users who believe their devices are secure may still be at risk.

What Data Was Exposed

The Coruna exploit kit leverages multiple vulnerabilities to gain unauthorized access to devices, potentially exposing sensitive user data. This includes personal information, location data, and possibly even financial details. The exploits used in the kit have been designed to bypass existing security measures, making it difficult for users to detect any malicious activity.

Moreover, the kit's ability to download additional components means that attackers can adapt their strategies and targets dynamically, increasing the scope of potential data breaches. Users may not even be aware that their devices have been compromised until it's too late.

What You Should Do

To protect yourself from the threats posed by the Coruna exploit kit, it is crucial to keep your iPhone updated with the latest security patches. Always install updates as soon as they are available, as these often include fixes for known vulnerabilities.

Additionally, consider using security software that can help detect and mitigate threats. Be cautious about the links you click on and the apps you download, especially from untrusted sources. Regularly review your device's security settings and be vigilant about any suspicious activity. Taking these steps can significantly reduce your risk of falling victim to exploit kits like Coruna.

🔒 Pro insight: The evolution of the Coruna exploit kit underscores the persistent threat of mobile APT campaigns targeting iOS vulnerabilities.

Original article from

Kaspersky Securelist · Boris Larin

Read Full Article

Share

Related Pings

HIGHVulnerabilities

Vulnerabilities in Segmented OT - Insights from HD Moore

HD Moore warns about vulnerabilities in segmented OT environments. Many organizations are unaware of these risks, which could lead to serious breaches. It's crucial to adopt better security measures to protect essential operations.

SC Media·
CRITICALVulnerabilities

Citrix NetScaler - Critical Vulnerability Exposed

A critical vulnerability in Citrix NetScaler devices has been identified, allowing attackers to leak sensitive data. Immediate patching is crucial to mitigate risks. Organizations must take action now to secure their systems and protect sensitive information.

CSO Online·
HIGHVulnerabilities

PolyShell Vulnerability - Attacks Target Magento Stores

A critical vulnerability in Magento is being exploited, affecting over half of vulnerable stores. This flaw allows hackers to execute remote code, risking sensitive data. Store owners must act quickly to secure their platforms.

BleepingComputer·
MEDIUMVulnerabilities

Apple Patches Vulnerabilities Across All Operating Systems

Apple has patched 85 vulnerabilities across its operating systems. While none are currently exploited, users should update their devices to enhance security. Stay safe and informed!

SANS ISC Full Text·
HIGHVulnerabilities

Cisco Vulnerabilities - Security Advisory Released March 2026

Cisco has issued a security advisory for vulnerabilities in various products, including Catalyst switches and IOS software. Users are urged to update their systems immediately to avoid risks. This advisory is vital for maintaining network security and integrity.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Vulnerabilities - CISA Adds CVE-2026-33017 to Catalog

CISA has added CVE-2026-33017 to its KEV Catalog due to active exploitation. This code injection vulnerability poses significant risks to federal networks. Organizations are urged to act quickly to mitigate potential threats.

CISA Advisories·