DigiNews

Summary

Google's GTIG reveals Coruna, a sophisticated iOS exploit kit with five exploit chains and 23 exploits aimed at iPhone versions from iOS 13 onward. The post traces its deployment across targeted campaigns by multiple actors, describes the RCE/PAC bypass chains, the end PlasmaLoader payload, and the use of a Lazarus-seeded DGA for C2 domains. It also provides IOCs and defense recommendations, including updating iOS and enabling Lockdown Mode.