Kaspersky Warns iOS Users to Beware of Coruna Threat

JAKARTA - Kaspersky has discovered a new hacking tool called Coruna which is an expansion of a previous cyber attack, and is now considered wider and potentially targeting many iPhone users.

Kaspersky's Global Research and Analysis Team (GReAT) revealed that Coruna is a direct evolution of the framework used in the Operation Triangulation cyber espionage campaign. Based on code analysis, both are believed to be created by the same developer.

Of the five exploits found in Coruna, one is a newer version of the one used in 2023. While the other four, including those developed after the Triangulation case was revealed, are still built on the same foundation.

The code similarities extend beyond the kernel exploit to other Coruna components, which led Kaspersky to conclude that the kit was not assembled from separate parts but an evolution that was continuously maintained from the original framework.

More dangerous, Coruna has already supported Apple's latest devices and systems, such as the A17 processor as well as the M3, M3 Pro, and M3 Max chips, as well as the operating system up to iOS 17.2.

The code also includes special checks for iOS 16.5 beta 4, the version released by Apple to patch the vulnerability reported by Kaspersky.

Kaspersky GReAT's lead security researcher, Boris Larin, said that this tool was originally used for highly targeted espionage, but now tends to be used more broadly without specific targets.

"The inclusion of checks for the latest processors such as M3 and newer iOS builds shows that the original developers have actively expanded this code base," said Boris Larin.

Kaspersky urges all iPhone users to immediately install the latest iOS update. The vulnerability exploited by Coruna has been patched by Apple, but devices that have not been patched are still at risk.