Apple has released urgent security updates for older iPhone models to address a series of zero-day vulnerabilities collectively tracked as "Coruna." This sophisticated exploit chain, discovered by cybersecurity researchers at Bitdefender, was actively deployed in targeted espionage campaigns and for the theft of cryptocurrency. The patches, covered in iOS 12.5.7, are critical for devices like the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) that no longer receive standard iOS updates. The "Coruna" campaign represents a significant threat, demonstrating that older, unsupported devices remain high-value targets for advanced persistent threat (APT) actors seeking to infiltrate networks and steal sensitive financial assets.
The "Coruna" exploit chain is a multi-stage attack that leverages several critical vulnerabilities in WebKit, Apple's browser engine, and the iOS kernel. Attackers typically initiated the compromise by luring targets to malicious websites. These sites hosted crafted code that, when rendered, exploited the WebKit flaws to execute arbitrary code, effectively breaking out of the browser's security sandbox. This initial foothold was then used to deploy additional exploits targeting the kernel, granting the attackers full, persistent control over the device. This level of access allowed for the installation of powerful spyware capable of harvesting messages, emails, location data, and live microphone recordings, all while remaining stealthy.
The dual-use nature of the "Coruna" attacks is particularly alarming to security professionals. While the infrastructure and techniques bear the hallmarks of state-aligned espionage groups, the same exploits were also weaponized for financial crime. Researchers observed the malware modules being used to hijack cryptocurrency transactions by manipulating clipboard data—a common tactic where a wallet address copied by a user is silently replaced with one controlled by the attacker, diverting funds. This blending of espionage and financial theft maximizes the return on investment for the threat actors and expands the potential victim pool beyond traditional diplomatic or governmental targets to include any individual with valuable crypto holdings.
For users of affected older devices, applying the iOS 12.5.7 update is an immediate and non-negotiable security imperative. This incident underscores a persistent challenge in cybersecurity: the long-tail risk of legacy systems. Organizations and individuals must recognize that devices outside a vendor's standard support lifecycle do not become immune to threats; they often become more attractive targets due to the absence of patches. While upgrading to a supported device is the most robust long-term solution, this emergency patch from Apple is a vital stopgap. It serves as a stark reminder that comprehensive digital hygiene extends beyond the latest software and must include strategic planning for the eventual retirement of all hardware and software assets.
