Leaked US Tool Can Hack iPhones, Experts Warn

Summary

– A sophisticated exploit kit called “Coruna” uses 23 vulnerabilities to hijack iPhones, often starting with a click on a malicious link.
– Unlike targeted spyware, this kit can infect any visitor to a compromised website who uses a vulnerable iOS version, making it a broad threat.
– The software is believed to have originated as a leaked US government tool before being adopted by international cybercriminals.
– It has been used by groups ranging from Russian espionage rings to Chinese cryptocurrency scammers for indiscriminate attacks.
– The primary defense is to update iPhones to the latest iOS version, as Coruna only affects older versions (iOS 13 through 17.2.1).

Cybersecurity experts are raising urgent alarms about a sophisticated hacking tool, reportedly of US government origin, that can compromise iPhones through multiple security flaws. This powerful exploit kit, identified as Coruna, leverages 23 distinct vulnerabilities to infiltrate devices. The attack primarily targets Apple’s Safari browser and can be initiated through several methods, including a single click on a malicious link. Once activated, it bypasses the iPhone’s built-in protections, potentially granting attackers access to private messages, financial details, and other sensitive information.

Google’s security team highlighted the kit’s advanced design, noting its components are seamlessly integrated using common utility and exploitation frameworks. Unlike conventional malware aimed at specific individuals, this tool does not rely on personalized phishing links. Any user visiting a compromised website with a vulnerable iPhone could become a victim, making its threat potential widespread and indiscriminate.

The origins of this spyware are particularly concerning. Initially detected by Google in early 2025, analysis suggests it may have started as a classified US government tool before being leaked. Following the leak, the high-grade spyware proliferated globally, adopted by various international cybercriminal networks. Reports indicate Russian espionage groups used it to hijack Ukrainian websites, while Chinese hackers employed it in fraudulent cryptocurrency schemes targeting a broad user base.

Security firm iVerify confirmed the tool’s broad reach, stating that reinfection of test devices was consistently possible, a pattern more typical of large-scale criminal operations than focused state-sponsored attacks. Critically for mitigation, Coruna only affects iPhones running older iOS versions, specifically 13 through 17.2.1. The latter version was released in 2023, meaning devices updated beyond that point are not susceptible.

The primary defense is straightforward: users must update their devices to the latest version of iOS immediately. For iPhones that cannot receive the newest updates, enabling Apple’s Lockdown Mode provides a strong secondary layer of protection. This feature, introduced in 2022, is specifically designed to harden devices against sophisticated spyware attacks by severely limiting functionality that could be exploited.

(Source: New York Post)
