CORUNA is described as an iOS exploit kit that contains an updated version of a kernel exploit previously used in Operation Triangulation over three years ago, according to Kaspersky. The toolkit targets 23 iOS vulnerabilities, including CVE-2023-32434 and CVE-2023-38606, two kernel bugs exploited in Triangulation as zero-days.
A fresh Kaspersky report says Coruna uses an updated version of the previously identified exploit targeting these defects, with all kernel exploits built on the same framework and sharing code similarities with other kit components. The firm notes that the findings suggest a unified exploitation framework rather than patchwork, and that it appears to be an updated version of the same framework used in Operation Triangulation.
Coruna was used by the Russian state-sponsored group UNC6353 in attacks against Ukraine alongside DarkSword, with a newer iteration of DarkSword leaking on GitHub and potentially enabling broader use. Millions of devices are likely at risk as the kit targets iOS versions containing the disclosed vulnerabilities. according to SecurityWeek's coverage, the evolving framework could see further adoption by other threat actors.