The US Cybersecurity and Infrastructure Security Agency has issued a directive to federal agencies to apply patches for three critical iOS vulnerabilities that were exploited by hackers over a 10-month period. These vulnerabilities were leveraged by three separate groups as part of sophisticated hacking campaigns, utilizing an advanced kit known as Coruna, which combined 23 iOS exploits into five potent exploit chains. Notably, some of these vulnerabilities had been previously exploited as zero-days in unrelated campaigns, but all had been patched by the time Google detected the activity1. The fact that these vulnerabilities were exploited in targeted hacking campaigns underscores the importance of prompt patching. This incident highlights the shrinking window for applying patches, particularly when zero-day activity is involved, making it essential for organizations to assess their exposure and apply patches immediately.
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances
⚠️ Critical Alert
Why This Matters
Zero-day activity targeting Google means patching windows are already closing — assess your exposure immediately.
References
- Ars Technica. (2026, March 6). Feds take notice of iOS vulnerabilities exploited under mysterious circumstances. https://arstechnica.com/security/2026/03/cisa-adds-3-ios-flaws-to-its-catalog-of-known-exploited-vulnerabilities/
Original Source
Ars Technica
Read original →