Why Google cybersecurity researchers are asking iPhone users to update their phones immediately as conflict in Middle East continues
Publish Date: 2026-03-07 08:11:00
Source Domain: timesofindia.indiatimes.com
Representative Image. In Pic: iPhone 15 Google cybersecurity researchers are urging iPhone users to update their devices to the latest version of iOS immediately. This comes after the Google Threat Intelligence Group (GTIG) discovered a dangerous exploit kit that targets a wide range of older iPhone software versions. The warning comes as geopolitical tensions, including the ongoing conflict in the Middle East, raise concerns that cyber tools may be used in targeted surveillance or espionage campaigns.GITG researchers have recently discovered an exploit kit called Coruna that targets iPhones running iOS 13 through iOS 17.2.1. The toolkit includes multiple vulnerabilities that attackers can use to gain control of a device and extract sensitive data. According to Google, the exploit kit does not work on the latest version of iOS, which is why the company is advising users to update their devices immediately.
What Google cybersecurity researchers discovered
In a report, GITG researchers have revealed that the Coruna exploit kit contains five full exploit chains and 23 separate exploits that allow attackers to compromise different versions of iOS. Google researchers said the toolkit uses a combination of browser-based vulnerabilities and system-level exploits to gain access to a device.The attack process typically begins when an iPhone user visits a malicious or compromised website. A hidden script then identifies the device type and the iOS version running on it. Based on this information, the system delivers a specific exploit designed to work on that device.Google said one of the vulnerabilities used in the attacks (CVE-2024-23222) was a zero-day before Apple fixed it in iOS 17.3. GTIG said the exploit toolkit appears to have circulated among several different threat actors over time.Researchers first identified parts of the exploit chain in February 2025, when it was being used by a customer of a commercial surveillance vendor. Later in the year, the same toolkit…
Source
