Feds take notice of iOS vulnerabilities exploited under mysterious circumstances

The Cybersecurity and Infrastructure Security Agency has directed federal agencies to address three critical iOS vulnerabilities that were exploited by three distinct hacking groups over a 10-month period. Google's report revealed the use of an advanced hacking kit called Coruna, which contained 23 iOS exploits in five potent chains. While the vulnerabilities had been patched by Apple, the exploits were still effective against older iOS versions, posing a significant threat due to their high-quality code and capabilities. CISA has included these vulnerabilities in its list of known exploited vulnerabilities, urging all organizations to patch them, as they affect iOS versions 13 to 17.2.1 and have advanced features like a unique JavaScript framework for device fingerprinting.