Is Your iPhone Vulnerable to the Coruna Exploit?

Jonny Evans

The need for Lockdown Mode is becoming more apparent, even with Apple having patched this iPhone-hacking vulnerability in iOS 26.

These iPhones are popular
Credit: Apple

The emergence of a fresh iPhone-hacking exploit underscores a harsh reality: government-developed offensive cyber tools ultimately pose a threat to everyone.

Uncovered by Google’s Threat Intelligence Group (GTIG) and iVerify, the Coruna exploit is capable of compromising iPhones operating on iOS versions 13 up to 17.2.1; however, Apple has implemented security measures against this particular threat in iOS 26.

Understanding Coruna’s Capabilities

Coruna poses a significant threat, capable of hijacking any iOS device simply by a user visiting a compromised website. This exploit perfectly demonstrates that weaponized hacking tools, far from enhancing our safety, only serve to increase overall insecurity.

Coruna possesses the ability to extract data, cryptocurrency details, and personal information. Upon successful compromise, the exploit installs software granting root access, enabling it to deploy further modules and gather text snippets from the affected device.

This sophisticated toolkit comprises five exploit chains and 23 vulnerabilities, seemingly engineered for device infiltration and sensitive data exfiltration. The kit’s overall complexity strongly suggests it was developed by a well-funded nation-state hacking entity.

Its advanced nature allows it to detect when a device is operating in Lockdown Mode, prompting it to halt its attack at that moment.

Is it U.S.-Originated?

Its polished code, extensive tools, and novel exploitation techniques and security evasion tactics indicate a well-funded exploit. This exploit was initially observed being utilized by surveillance-as-a-service mercenary companies, subsequently by a Russian espionage outfit, and later by a Chinese group. Wired suggests it “may have been originally created by a US contractor and sold to the American government.”

Put differently, this serves as a prime example of how advanced attacks, initially crafted for state-level operations, can migrate into the criminal underworld, and are already doing so.

iVerify’s experts, who also analyzed the exploit, caution: “Coruna stands as one of the most compelling instances we’ve encountered where advanced, spyware-grade functionalities have spread from commercial surveillance providers to nation-state entities and eventually into large-scale criminal endeavors.”

This attack clearly illustrates that the true path to effective digital security for all lies in ensuring universal safety across the entire digital ecosystem.

Concepts like a ‘safe hack,’ a ‘controllable zero-day attack,’ or a ‘safe backdoor’ are fundamentally flawed.

Backdoors Offer No Security

Regarding Coruna, specialists caution that thousands, possibly tens of thousands, of iPhones may have already been compromised due to its effectiveness and widespread dissemination. This presents a significant risk, especially considering that 26% of all iPhones released since 2022 are not yet operating on iOS 26 and are therefore unprotected against this exploit.

iVerify issued a warning, stating: “The mobile threat landscape is constantly evolving, and sophisticated tools previously aimed at heads of state are now being directed at everyday iPhone users.”

Such an outcome was unavoidable. Advanced attack tools developed by state-sponsored hackers or their associates are bound to disseminate more broadly over time; for instance, even the initial Pegasus software exploits from the NSO Group are reportedly now offered for sale on the dark web.

These high-stakes attacks were initially directed at human rights defenders and journalists across the Middle East and Europe. Although these exploits are often characterized as too complex and expensive for most people to worry about, the reality is that their widespread proliferation ultimately endangers everyone.

Collective Action Needed

Apple is clearly striving to maintain its lead in cybersecurity. Last year, the company significantly increased its security bounty, and its new Memory Integrity Enforcement (MIE) feature is expected to bolster platform security against similar attacks.

However, perfect security is unattainable, human error persists as the primary vulnerability, and average users face a growing risk of encountering advanced attacks as these threats trickle down.

Coruna might have been active for several years. For anyone genuinely concerned with security, the creators of these exploits should have chosen to disclose the vulnerability to Apple rather than weaponizing it for profit. Collaborative efforts enhance safety for everyone. Conversely, a failure to cooperate will leave no one secure, ultimately harming us all.
