13 matches found
coruna
iOS Orchestrator — Coruna Web server, C2 listener, and intera...
Embedded Malicious Code
Overview art-template is a simple and superfast templating engine that optimizes template rendering speed by scope pre-declared technique, hence achieving runtime performance which is close to the limits of JavaScript. At the same time, it supports both NodeJS and browser. Affected versions of th...
Malicious code in art-template (npm)
Versions 4.13.3, 4.13.5, and 4.13.6 of art-template were published after an npm account takeover and ship a tampered browser bundle lib/template-web.js that loads remote attacker-controlled JavaScript. The final payload is the Coruna iOS exploit kit, which targets Safari on iPhone and iPad and...
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date iOS software,...
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an...
A week in security (March 9 – March 15)
Last week on Malwarebytes Labs: Watch out for fake Malwarebytes renewal notices in your calendar Google patches two Chrome zero-days under active attack. Update now Attackers impersonate Temu in ClickFix $Temu airdrop scam Apple patches Coruna exploit kit flaws for older iOS versions This Android...
Apple patches Coruna exploit kit flaws for older iOS versions
On March 3, 2026, Google warned about a powerful exploit kit targeting Apple iPhone models running iOS version 13.0 released in September 2019 up to version 17.2.1 released in December 2023. In the latest security updates, Apple patched the vulnerabilities used in the Coruna exploit kit for older...
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit. The vulnerability, tracked as CVE-2023-43010 , relates to an unspecified vulnerability in WebKit that could result in memory...
About the security content of iOS 15.8.7 and iPadOS 15.8.7
About the security content of iOS 15.8.7 and iPadOS 15.8.7 This document describes the security content of iOS 15.8.7 and iPadOS 15.8.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
About the security content of iOS 16.7.15 and iPadOS 16.7.15
About the security content of iOS 16.7.15 and iPadOS 16.7.15 This document describes the security content of iOS 16.7.15 and iPadOS 16.7.15. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred...
Exploit for Type Confusion in Apple Ipados
Coruna Exploit Kit - Deobfuscated CVE-2024-23222 HEAVILY B...
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
Google said it identified a "new and powerful" exploit kit dubbed Coruna aka CryptoWaters targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group GTIG said. It's...
UBUNTU-CVE-2024-23222
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously...