What is the Coruna iPhone exploit kit?

A sophisticated iPhone-hacking toolkit in the wild

Security researchers, including teams at Google, have described a complex exploit toolkit known as “Coruna” that has been used to compromise iPhones via malicious websites. The kit bundles multiple browser and device exploits into a chain that can jailbreak or take control of targeted phones without user interaction under some conditions.

What is known

• Capabilities: the toolkit is built to exploit vulnerabilities in mobile browsers and iOS systems so that visiting a crafted webpage can lead to a device compromise. Researchers say it is technically advanced and modular.
• Origin and spread: investigators have found signs the toolset was developed and used by an entity with the resources to assemble zero‑day chains. Some indicators suggest a government contractor origin, but that link is disputed; Kaspersky has rejected claims tying the toolkit directly to the NSA. Independently, researchers report that variants of the toolkit have been repurposed by criminal groups and foreign actors.
• Scale: public reporting indicates the toolset has likely infected a large number of devices — researchers describe the scale as tens of thousands of phones or more — but precise figures are uncertain.

What to do now

• Apply software updates as soon as Apple issues them; patches fix the underlying vulnerabilities exploited by these kits.
• Avoid clicking unexpected links and visiting untrusted web pages, especially in messages and ads.
• Use recommended security practices: enable automatic updates, limit exposure to risky browsing, and follow guidance from device vendors and security teams.

Many details remain uncertain — notably the full provenance of Coruna and the exact number of affected devices — but the incident underscores how powerful exploit toolsets can move from high‑end offensive use into criminal markets, increasing risk to ordinary users.