Alphabet Uncovers “Coruna” Zero-Day Targeting iOS 13.0–17.2.1 With Possible US Government Origin
Alphabet’s Threat Intelligence Group identified “Coruna,” a zero-day exploit targeting iPhone models running iOS 13.0–17.2.1 used by Russian and Chinese hackers, and experts suggest the toolkit is a leaked U.S. government framework. Google warns the exploit is ineffective on the latest iOS versions and urges immediate device updates.
1. Identification of Coruna
Alphabet’s Threat Intelligence Group discovered “Coruna,” a zero-day exploit toolkit targeting iPhone models running iOS 13.0 through 17.2.1, first observed during a surveillance attempt and ineffective on the latest iOS release.
2. Hacking Groups and Attribution
The toolkit has been used in attacks against Ukrainian users by suspected Russian actors and by Chinese financially motivated hackers, with researchers noting similarities to leaked U.S. government frameworks such as EternalBlue.
3. User Guidance and Security Impact
Google urges users to update to the latest iOS to block Coruna, highlighting an active market for second-hand exploits and the critical role of timely patch management for both enterprise and consumer devices.