Coruna is a maintained successor to the Operation Triangulation iOS exploit framework, expanding its capabilities to target modern Apple chips and iOS versions. The kit contains five exploit chains using 23 vulnerabilities and has been repurposed from targeted espionage to broader crypto-theft campaigns. #Coruna #OperationTriangulation
Keypoints
- Coruna evolved from the Operation Triangulation framework that used zero-click iMessage exploits.
- The kit includes five full iOS exploit chains leveraging 23 vulnerabilities, including CVE-2023-32434 and CVE-2023-38606.
- It explicitly targets modern hardware and OS builds, checking for A17 and M3-series chips and iOS up to 17.2.
- Attacks begin in Safari with device fingerprinting, then select RCE/PAC exploits and decrypt payloads using ChaCha20 and LZMA before deploying Mach-O loaders.
- Originally used for espionage, Coruna is now also deployed in financially motivated crypto-theft campaigns, showing ongoing maintenance.