CISA Adds iOS Vulnerabilities Exploited by Coruna Exploit Kit to KEV List
Coruna iOS Exploit Kit Added to CISA’s KEV List
A recently disclosed iOS exploit kit, known as Coruna, has been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) list. The kit contains exploits for 23 vulnerabilities in iOS versions spanning four years, from iOS 13.0 to iOS 17.2.1. However, it is ineffective against the latest versions of Apple’s mobile platform.
Exploit Kit Details
Coruna has been used by multiple threat actors, including a customer of a spyware vendor, a Russian espionage group, and a financially motivated Chinese group. The exploit kit uses a combination of ‘second-hand’ zero-day exploits to fingerprint devices and load the appropriate WebKit remote code execution (RCE) exploit. It then bypasses various platform mitigations and injects a payload into the ‘powerd’ daemon running as root.
The payload targets the victim’s financial information and can also load additional modules for exfiltrating cryptocurrency wallets and sensitive information from multiple applications. Of the 23 security defects targeted by the exploit kit, 12 have been assigned a CVE identifier. All the exploited issues, whether publicly disclosed or not, have been patched.
Affected Vulnerabilities
Nine of the publicly disclosed bugs were previously flagged as exploited, most of them as zero-days. These include:
- CVE-2022-48503
- CVE-2024-23222
- CVE-2023-32409
- CVE-2020-27932
- CVE-2020-27950
- CVE-2023-32434
- CVE-2023-38606
- CVE-2024-23225
- CVE-2024-23296
The remaining three CVEs, namely CVE-2021-30952, CVE-2023-41974, and CVE-2023-43000, had no public reports of exploitation before the Coruna iOS exploit kit was disclosed.
CISA’s Response
CISA has added all three iOS flaws to the KEV catalog, giving federal agencies three weeks to identify and patch vulnerable devices within their environments, as mandated by Binding Operational Directive (BOD) 22-01. While BOD 22-01 only applies to federal agencies, all organizations are advised to prioritize the remediation of bugs in the KEV catalog.
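As a first pass at the "identify vulnerable devices" step, the sketch below is an added example, not code from CISA or the article. It sorts a device inventory export by whether the reported iOS version falls inside the 13.0 to 17.2.1 range the article gives for the kit. The CSV column names and device IDs are assumptions, and the article does not list per-CVE fixed versions, so an in-range hit means "check patch level", not "confirmed vulnerable".

```python
import csv
import io

# iOS version range the article says the kit's exploits span.
AFFECTED_MIN = (13, 0, 0)
AFFECTED_MAX = (17, 2, 1)


def parse_ios_version(text):
    """Return (major, minor, patch), or None if the field is not a plain dotted version."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    # Pad "17.3" to (17, 3, 0) so tuple comparison behaves as expected.
    return tuple(nums + [0] * (3 - len(nums)))


def triage(inventory_csv):
    """Bucket device IDs: in the affected range, outside it, or needing manual review."""
    result = {"in_range": [], "out_of_range": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_ios_version(row.get("os_version") or "")
        if version is None:
            # Unparseable or missing version: never silently treat as safe.
            result["review"].append(row["device_id"])
        elif AFFECTED_MIN <= version <= AFFECTED_MAX:
            result["in_range"].append(row["device_id"])
        else:
            result["out_of_range"].append(row["device_id"])
    return result


# Constructed sample export; device IDs and column names are hypothetical.
SAMPLE = """device_id,os_version
ipn-001,17.2.1
ipn-002,17.3
ipn-003,13
ipn-004,12.5.7
ipn-005,15.6.1
ipn-006,unknown
"""

if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE).items():
        print(bucket, ids)
```

Devices in the `review` bucket have no usable version string and should be checked by hand rather than assumed patched.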
Additional Warnings
In addition to the Coruna exploit kit, CISA also warned that older vulnerabilities in multiple Hikvision and Rockwell products have been exploited in the wild. Organizations are urged to take proactive measures to address these vulnerabilities and prevent potential attacks.
