Mysterious iOS Hacks Prompt Urgent Federal Patching Demands

Cybersecurity agency orders federal agencies to address critical iOS vulnerabilities exploited over 10 months by 3 distinct hacking groups using advanced exploit kit.
The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch three critical iOS vulnerabilities that were exploited over a 10-month span in hacking campaigns conducted by three distinct groups.
The hacking campaigns came to light on Thursday in a report published by Google. All three campaigns used Coruna, the name of an advanced hacking kit that amassed 23 separate iOS exploits into five potent exploit chains. While some of the vulnerabilities had been exploited as zero-days in earlier, unrelated campaigns, all had been patched by the time Google observed them being exploited by Coruna. When used against older iOS versions, the kit nonetheless posed a formidable threat given the high caliber of the exploit code and the wide range of capabilities.
"The core technical value of this exploit kit lies in its comprehensive collection of iOS exploits," Google researchers wrote. "The exploits feature extensive documentation, including docstrings and comments authored in native English. The most advanced ones are using non-public exploitation techniques and mitigation bypasses."
The three hacking groups behind the Coruna campaigns were not identified in the report, but Google researchers said the exploits targeted a diverse range of iOS versions, from 12.0 to 13.7, suggesting the groups had deep technical capabilities and access to a broad set of zero-day vulnerabilities.
The disclosure of these iOS vulnerabilities and their exploitation by multiple advanced actors highlights the ongoing challenges faced by device manufacturers and cybersecurity experts in staying ahead of determined and resourceful threat actors. As iOS continues to be a prime target for hackers, the need for robust security measures and timely patching of vulnerabilities remains critical to protect users and organizations from potential attacks.
Source: Ars Technica