Google Exposed iPhone Security Flaws Used by Russians to Attack Ukrainian Users

Security researchers at Google have exposed a powerful set of vulnerabilities for iOS called Coruna, which has hacked thousands of iPhone devices.

A report from the Google Threat Intelligence Group (GTIG) revealed that Coruna exploits 23 vulnerabilities.

Coruna is not a single exploit, but a whole set containing five complete attack chains and 23 vulnerabilities in the iOS system, which together allow Apple’s protection to be completely bypassed and control of the device to be gained. These vulnerabilities allow the device to be hacked simply by visiting a malicious website, where a hidden JavaScript framework first collects data about the iPhone model and version, and then launches a sequence of attacks to bypass security.

According to GTIG, Coruna can exploit iPhones running iOS 13.0 through iOS 17.2.1, which means thousands of potentially vulnerable devices if they are not updated to the latest versions of the system.

Google first discovered parts of this toolkit in February 2025, when a surveillance service provider attempted to hack an iPhone to install spyware.

Subsequently, these same tools were spotted in campaigns linked to Russian intelligence groups, which used Coruna in attacks on websites visited by Ukrainian users. Among the attacks were “watering hole” attacks, where malicious code was hidden on websites and launched when a page was loaded without any user interaction.

Coruna then fell into the hands of cybercriminals from China, who placed it on fake cryptocurrency service and betting platform websites, leading to mass iPhone infections.

Expert analysis indicates that Coruna is not just a tool for spying — it can steal financial data, including crypto wallet details and keys, and other sensitive information. However, GTIG itself notes that the new iOS (versions after 17.2.1) is completely protected from this set, and Apple has released appropriate patches to close all known vulnerabilities.

Experts advise users to urgently update their iPhones, enable Lockdown Mode, and avoid suspicious websites, especially those offering financial or cryptocurrency services. The discovery of Coruna highlights serious threats to iPhone owners in Ukraine and around the world, especially among users of older models or those who do not keep their devices up to date with the latest security patches.

Earlier it was reported that the iPhone and iPad became the first and only consumer devices in the world to officially meet the information security requirements of NATO countries.