The severity is CRITICAL because of real-world exploitation by multiple threat actors, including nation-state and criminal groups. The vulnerabilities allow full device compromise, from WebKit RCE to kernel privilege escalation.
Three iOS vulnerabilities exploited by the Coruna exploit kit are being targeted in cyberespionage and crypto-theft attacks. The exploits work on older versions of iOS but are mitigated in newer versions, in private browsing mode, or with Lockdown Mode enabled.
Affected Systems
- Apple iOS
Affected Versions: All versions before the latest update
Remediation
- Update all Apple devices to the latest version of iOS as soon as possible.
- Enable Lockdown Mode on all devices that require enhanced security against spyware attacks.
- Ensure all browsing is done in private mode to avoid certain exploit chains.
Stack Impact
This affects mobile devices primarily, specifically those running outdated versions of Apple's iOS operating system. No specific services within the stack are directly affected.