Feds take discover of iOS vulnerabilities exploited beneath mysterious circumstances – Cyber Tech
Coruna can also be notable for its use by three distinct hacking teams. Google first detected its use in February of final 12 months in an operation carried out by a “buyer of a surveillance vendor.” The vulnerability exploited, tracked as CVE-2025-23222, had been patched 13 months earlier. In July 2025, a “suspected Russian espionage group” exploited CVE-2023-43000 in assaults planted on web sites that had been frequented by Ukrainian targets. Final December, when it was utilized by a “financially motivated menace actor from China,” Google was capable of retrieve the whole exploit equipment.
“How this proliferation occurred is unclear, however suggests an lively marketplace for ‘second hand’ zero-day exploits,” Google wrote. “Past these recognized exploits, a number of menace actors have now acquired superior exploitation strategies that may be re-used and modified with newly recognized vulnerabilities.”
Google researchers went on to jot down:
We retrieved all of the obfuscated exploits, together with ending payloads. Upon additional evaluation, we observed an occasion the place the actor deployed the debug model of the exploit equipment, leaving within the clear all the exploits, together with their inside code names. That’s after we discovered that the exploit equipment was possible named Coruna internally. In whole, we collected just a few hundred samples masking a complete of 5 full iOS exploit chains. The exploit equipment is ready to goal varied iPhone fashions working iOS model 13.0 (launched in September 2019) as much as model 17.2.1 (launched in December 2023).
The 23 exploits, together with the code names and different data, are:
| Sort | Codename | Focused variations (inclusive) | Mounted variations | CVE |
| WebContent R/W | buffout | 13 → 15.1.1 | 15.2 | CVE-2021-30952 |
| WebContent R/W | jacurutu | 15.2 → 15.5 | 15.6 | CVE-2022-48503 |
| WebContent R/W | bluebird | 15.6 → 16.1.2 | 16.2 | No CVE |
| WebContent R/W | terrorbird | 16.2 → 16.5.1 | 16.6 | CVE-2023-43000 |
| WebContent R/W | cassowary | 16.6 → 17.2.1 | 16.7.5, 17.3 | CVE-2024-23222 |
| WebContent PAC bypass | breezy | 13 → 14.x | ? | No CVE |
| WebContent PAC bypass | breezy15 | 15 → 16.2 | ? | No CVE |
| WebContent PAC bypass | seedbell | 16.3 → 16.5.1 | ? | No CVE |
| WebContent PAC bypass | seedbell_16_6 | 16.6 → 16.7.12 | ? | No CVE |
| WebContent PAC bypass | seedbell_17 | 17 → 17.2.1 | ? | No CVE |
| WebContent sandbox escape | IronLoader | 16.0 → 16.3.116.4.0 (<= A12) | 15.7.8, 16.5 | CVE-2023-32409 |
| WebContent sandbox escape | NeuronLoader | 16.4.0 → 16.6.1 (A13-A16) | 17.0 | No CVE |
| PE | Neutron | 13.X | 14.2 | CVE-2020-27932 |
| PE (infoleak) | Dynamo | 13.X | 14.2 | CVE-2020-27950 |
| PE | Pendulum | 14 → 14.4.x | 14.7 | No CVE |
| PE | Photon | 14.5 → 15.7.6 | 15.7.7, 16.5.1 | CVE-2023-32434 |
| PE | Parallax | 16.4 → 16.7 | 17.0 | CVE-2023-41974 |
| PE | Gruber | 15.2 → 17.2.1 | 16.7.6, 17.3 | No CVE |
| PPL Bypass | Quark | 13.X | 14.5 | No CVE |
| PPL Bypass | Gallium | 14.x | 15.7.8, 16.6 | CVE-2023-38606 |
| PPL Bypass | Carbone | 15.0 → 16.7.6 | 17.0 | No CVE |
| PPL Bypass | Sparrow | 17.0 → 17.3 | 16.7.6, 17.4 | CVE-2024-23225 |
| PPL Bypass | Rocket | 17.1 → 17.4 | 16.7.8, 17.5 | CVE-2024-23296 |
CISA is including solely three of the CVEs to its catalog. They’re:
- CVE-2021-30952 Apple A number of Merchandise Integer Overflow or Wraparound Vulnerability
- CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
- CVE-2023-43000 Apple A number of merchandise Use-After-Free Vulnerability
CISA is directing businesses to “apply mitigations per vendor directions, observe relevant… steering for cloud companies, or discontinue use of the product if mitigations are unavailable.” The company went on to warn: “Most of these vulnerabilities are frequent assault vectors for malicious cyber actors and pose vital dangers to the federal enterprise.”
Entry administration startup Oleria lands $33M in funding – Cyber Tech
Texas-based care supplier HMG Healthcare says hackers stole unencrypted affected person information – Cyber Tech
Juniper Analysis Reveals Sport-changing Tech For 2026 – Cyber Tech
About The Author
admin
Azeem Rajpoot, the author behind This Blog, is a passionate tech enthusiast with a keen interest in exploring and sharing insights about the rapidly evolving world of technology. With a background in Blogging, Azeem Rajpoot brings a unique perspective to the blog, offering in-depth analyses, reviews, and thought-provoking articles. Committed to making technology accessible to all, Azeem strives to deliver content that not only keeps readers informed about the latest trends but also sparks curiosity and discussions. Follow Azeem on this exciting tech journey to stay updated and inspired.
