Coruna iOS Exploit Kit Reuses 2023 Triangulation Code for New Mass Attacks on Apple Devices
What Happened — Kaspersky has linked the kernel exploit used in the recently disclosed Coruna iOS exploit kit to the same code base employed in the 2023 Operation Triangulation campaign. The updated exploit targets two iOS kernel vulnerabilities, granting attackers privileged code execution and full device control in large‑scale attacks.
Why It Matters for TPRM —
- iOS devices are a common third‑party asset in BYOD and MDM environments; compromise can expose corporate data and credentials.
- Re‑using older exploit code demonstrates a persistent threat‑actor capability that can bypass defenses not patched for legacy CVEs.
- Enterprises must reassess their mobile security posture and verify that all iOS endpoints are fully patched and monitored.
Who Is Affected — Any organization that deploys or permits Apple iOS devices, including Technology, Financial Services, Healthcare, Education, and Government sectors.
Recommended Actions —
- Verify that all iOS devices are running the latest OS version and have the patches for CVE‑2025‑XXXX and CVE‑2024‑YYYY applied.
- Strengthen Mobile Device Management (MDM) policies: enforce encryption, app vetting, and jailbreak detection.
- Deploy endpoint detection and response (EDR) solutions capable of monitoring kernel‑level activity on iOS.
- Conduct threat‑intel briefings for security teams about the Coruna kit and its indicators of compromise (IOCs).
Technical Notes — The exploit chain runs CVE‑2025‑XXXX → privilege escalation → kernel code execution, and uses a second flaw (CVE‑2024‑YYYY) for persistence. The attack vector is a malicious app delivered via compromised ad networks or phishing links. Data types at risk include corporate credentials, proprietary documents, and location data.
Source: The Hacker News