Apple has had a hard time lately with critical exploits plaguing iPhones all around the world. In mid-February, Google’s Threat Analysis Group discovered a critical zero-day vulnerability in Apple’s iOS software that gave hackers full control of a “small subset” of targeted iPhones. This month, reports revealed that an entire exploit tool kit has been successfully used by hackers in Russia and China. The worst part is that mounting evidence suggests the kit came from the United States, possibly even from our very own government.
Chock-full of vulnerabilities
According to Google’s full report, the exploit tool kit — dubbed Coruna — consists of five exploit chains and 23 exploits in total, all targeted at iPhones running iOS 13 to iOS 17.2.1. Mobile security experts at iVerify corroborated the report, claiming that 42,000 iPhones were affected.
Are there more zero-day vulnerabilities in iOS that we don’t know about? Almost certainly yes.
An exploit chain is the path a hacker can use to bypass a device’s security controls via exploits to gain access. In other words, if your phone’s software was a map, an exploit chain is the route a driver could take through different toll areas to reach the final destination. Even one exploit chain — or route — is enough to break into a device, but the fact that five routes exist within Coruna makes it a sophisticated hacking resource unlike anything security researchers have seen on iOS.
Google notes that Coruna has already been exploited by a “customer of a surveillance company,” as well as foreign nations, namely China and Russia. More alarming than that, however, “multiple threat actors” have also gained access to exploit techniques that can be customized to leverage new and unknown vulnerabilities for future attacks.
Image credit: Google
Where did Coruna come from?
Now that Coruna is out in the open, it only makes sense to wonder where it came from. Its sophisticated nature makes it highly unlikely that an independent hacker threw it together. Instead, several pieces of evidence point toward government intervention.
For starters, the tool kit’s source materials are all written in native English, suggesting English origins. Second, two of the exploits in the chain are linked directly to Operation Triangulation, a hardware vulnerability discovered in Apple’s first-party processing chips by Russian cybersecurity company Kaspersky. Russian government officials blamed the NSA for this exploit back in 2023, but the U.S. government denied any connection.
Third, iVerify’s co-founder and COO, Rocky Cole, reportedly called Coruna’s code “superb,” going on to state, “It was elegantly written. It’s fluid and holds together very well. There were comments in the code that, as someone who’s been around the U.S. defense industrial base for years, really are reminiscent of the sort of insider jokes and insider remarks that you might see from a U.S. based coder. Certainly they were native English language speakers.”
For what it’s worth, Kaspersky recently denied that Coruna is linked to the NSA, despite the evidence outlined above. Regardless of the tool kit’s origin, researchers are unsure how it made it into the hands of foreign entities.
RELATED: Apple issues a critical software update for iPhone. Install it now!
Photo by Matt Cardy/Getty Images
Bigger signs of Apple’s compromised security
Apple’s iOS mobile platform is notoriously hard for hackers to crack, thanks to its closed nature, often frustrating U.S. criminal investigation agencies with its strong end-to-end encryption practices. The Coruna tool kit, however, changes everything. It’s the biggest collection of exploits to hit iOS since its inception in 2007. It’s also part of a growing trend that undermines Apple’s once-impenetrable software security and privacy protocols.
Just last month, Apple released iOS 26.3 to patch a critical zero-day vulnerability dubbed CVE-2026-20700. Although this remains to be a major threat to iPhone users, this exploit is not part of the Coruna tool kit. These are completely independent issues. Are there more zero-day vulnerabilities in iOS that we don’t know about? Almost certainly yes.
Tips to secure your device
That doesn’t mean there’s nothing you can do. As software vulnerabilities become more prevalent, the best way to keep your devices safe and secure is to make sure you always have the latest iOS updates downloaded and installed on your phone, tablet, and laptop.
The exploits in the Coruna tool kit that plagued iOS 13 through 17.2.1, as well as CVE-2026-20700 for iOS 26, have all been patched. If you haven’t updated your iPhone to the newest software, or if you’re not sure which version you have, check for updates by opening the Settings app. Then go to General, Software Update, and make sure you’re on one of these versions, depending on your phone’s model:
iOS 26.3.1 (iPhone 11 and up);iOS 18.7.5 (Phone XS, XS Max, and XR);iOS 16.7.14 (iPhone 8, 8 Plus, and X);iOS 15.8.6 (iPhone 6s and 7); oriOS 12.5.8 (iPhone 5s, 6, 6 Plus).
If you want even more protection from exploits and vulnerabilities, you can secure your private data with Apple’s Advanced Data Protection built directly into iCloud. Then for maximum protection, Apple offers Lockdown Mode, though this feature isn’t meant for everybody. Since it will ultimately restrict many of the features and functions of your device, it’s only meant for high-profile cyber-criminal targets like politicians, celebrities, and investigative journalists.
Tech, Ios exploit, Iphone, Coruna, Cybersecurity, Operation triangulation, Kaspersky
