Coruna -- Nation-State-Grade iOS Exploit Kit
Coruna is the most powerful iOS exploit kit ever publicly analyzed. It contains 27 exploits organized into 5 full chains, covering iOS 13.0 through 17.2.1. Analyzed by Google GTIG in 2025-2026, it is notable both for its nation-state-level engineering quality and for its proliferation into cybercrime.
Overview
| Field | Detail |
|---|---|
| Discovered by | Google Threat Intelligence Group (GTIG) |
| Published | March 2026 |
| iOS range | 13.0 – 17.2.1 |
| Number of exploits | 27 exploits in 5 full chains |
| Delivery | Watering hole (hidden iframe, zero-click in browser) |
| Payload | PlasmaLoader, injected into powerd daemon |
| Threat actors | Surveillance vendor customer, UNC6353 (Russia), UNC6691 (crypto theft) |
| Kaspersky link | Shares code with Operation Triangulation components |
Overall Architecture
Coruna is a self-contained HTML file, embedded as a hidden iframe (zero dimensions). No user interaction is needed: the exploit runs entirely in the browser via JavaScript and completes in seconds.
Victim visits compromised website
        │
        ▼
Hidden iframe loads Coruna HTML
        │
        ├── Fingerprint device (iPhone model + iOS version)
        │
        ├── Select appropriate chain (1 of 5)
        │
        └── Execute chain:
              Stage 1: WebKit RCE        → Code execution in WebContent
              Stage 2: PAC Bypass        → Defeat pointer authentication
              Stage 3: Sandbox Escape    → Escape WebContent sandbox
              Stage 4: Kernel Exploit    → Kernel read/write
              Stage 5: PPL/SPTM Bypass   → Full device control
              Stage 6: Payload           → PlasmaLoader injected into powerd
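A defender-side check tied to the delivery method above, added here as an example and not code from the GTIG analysis: a small Python scanner over HTML you administer that flags iframes a visitor cannot see (zero dimensions, hidden styles, or a payload carried inline via srcdoc/data: rather than a blockable URL). The sample page is constructed for the demonstration.

```python
"""Flag invisible iframes of the kind used for watering-hole delivery (added
example, not code from the GTIG report; the sample page is constructed)."""
import re
from html.parser import HTMLParser

ZERO = {"0", "0px", "0%"}
ZERO_STYLE = re.compile(r"(width|height):0(px|%)?(;|$)")

class HiddenIframeScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = []
        w = a.get("width", "").strip().lower()
        h = a.get("height", "").strip().lower()
        if w in ZERO or h in ZERO:
            reasons.append("zero-dimension")        # width="0" / height="0"
        style = a.get("style", "").lower().replace(" ", "")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden-style")
        if ZERO_STYLE.search(style):
            reasons.append("zero-dimension-style")  # style="width:0;height:0"
        if "hidden" in a:
            reasons.append("hidden-attr")
        if "srcdoc" in a or a.get("src", "").startswith(("data:", "javascript:")):
            reasons.append("inline-document")       # payload carried inline, no URL to block
        if reasons:
            self.findings.append(
                {"line": self.getpos()[0], "src": a.get("src", ""), "reasons": reasons})

def scan_html(html):
    """Return suspicious iframes with the line number each appears on."""
    parser = HiddenIframeScanner()
    parser.feed(html)
    return parser.findings

# Constructed sample: one legitimate embed, then two invisible iframes.
SAMPLE = """<html><body>
<h1>Welcome</h1>
<iframe src="https://video.example/embed/1" width="640" height="360"></iframe>
<iframe src="https://cdn-static.example/r.html" width="0" height="0" style="display:none"></iframe>
<iframe srcdoc="&lt;script&gt;/* inline page */&lt;/script&gt;" style="width:0; height:0; border:0"></iframe>
</body></html>"""
```

Running `scan_html(SAMPLE)` reports lines 4 and 5 only; the 640x360 embed on line 3 is not flagged. A hit on an unfamiliar `src` domain or an inline `srcdoc` is the signal to pull the page from the CDN and diff it against the deployed source.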
23 Exploits: Details by Category
WebKit RCE (5 exploits)
Three independent WebKit RCE paths, selected at runtime:
| Codename | Target | Technique |
|---|---|---|
| Buffout | macOS Safari | NaN-boxing type confusion |
| Jacurutu | macOS fallback | JIT structure check elimination + Web Worker retry |
| Bluebird | iOS Safari (older) | OfflineAudioContext heap corruption + SVG attribute manipulation |
| Terrorbird | iOS Safari (newer) | Variant of Bluebird for newer WebKit |
| Cassowary | iOS Safari (latest) | Additional WebKit entry point |
All converge on a common arbitrary memory read/write primitive in the WebContent process.
PAC Bypass (5 exploits)
| Codename | Technique |
|---|---|
| Breezy | Confused deputy attack: swap unsigned GOT entries in Apple system frameworks, trigger legitimate PAC-authenticated call paths reading attacker-substituted data |
| Breezy15 | Breezy variant for iOS 15 |
| Seedbell | Variant for different iOS versions |
| Seedbell_16_6 | Seedbell variant for iOS 16.6 |
| Seedbell_17 | Seedbell variant for iOS 17 |
Notable technique:
1. Construct 306-byte WebAssembly module inline in JavaScript
2. Module compiled → hijack dispatch pointer
3. Wasm sandbox becomes a native function call primitive
4. Swap GOT entries in system frameworks (unsigned!)
5. Trigger legitimate PAC-signed code paths
6. Legitimate code reads attacker's data instead of real data
→ Bypass PAC without forging any signatures
Why this matters: instead of forging PAC signatures (hard), Coruna tricks legitimate signed code paths into using attacker data, a "confused deputy" approach. No PAC keys needed.
Sandbox Escape (2 exploits)
| Codename | Technique |
|---|---|
| IronLoader | Exploit system service reachable from WebContent sandbox |
| NeuronLoader | Alternative sandbox escape path |
Kernel Privilege Escalation (6 exploits)
| Codename | iOS Target | Technique |
|---|---|---|
| Dynamo | iOS 13-14 | CVE-2020-27950, kernel info leak |
| Neutron | iOS 13-14 | Classic kernel vulnerability |
| Pendulum | iOS 14-15 | Different kernel attack vector |
| Photon | iOS 15-16 | PUAF-based kernel r/w |
| Parallax | iOS 16 | Updated variant |
| Gruber | iOS 17 | Latest kernel exploit, PUAF → physrw |
PPL / SPTM Bypass (5 exploits)
| Codename | Target | Technique |
|---|---|---|
| Quark | iOS 13-14 (PPL) | PPL logic bug |
| Gallium | iOS 14-15 (PPL) | Alternative PPL bypass |
| Carbone | iOS 15-16 (PPL) | Updated PPL bypass |
| Sparrow | iOS 16 (PPL) | Variant |
| Rocket | iOS 17 (SPTM) | GFX coprocessor → self-referencing page table entry → arbitrary physical write |
Deep Dive: Rocket (SPTM Bypass)
This is the most advanced part: bypassing SPTM on iOS 17.
1. Kernel exploit (Gruber) achieves PUAF → physrw primitive
2. But SPTM prevents user pages from becoming kernel/page-table pages
3. Rocket exploits the GFX coprocessor:
a. GFX coprocessor has DMA access (direct memory access)
b. IOMMU configuration for GFX has gaps
c. Exploit GFX to write to page table memory VIA DMA
d. Create a self-referencing page table entry:
      └─ PTE points to the page table page itself
      └─ Modifying the PTE = modifying the page table itself
      └─ → Arbitrary physical address mapping
4. Full physrw bypassing SPTM!
Lesson: SPTM only protects CPU-initiated memory access. DMA from coprocessors (GPU, Neural Engine, …) is a separate attack surface.
Payload: PlasmaLoader (PLASMAGRID)
After full device compromise:
1. Inject into powerd (root-level system daemon)
2. Masquerade as com.apple.assistd (legitimate identifier)
3. Persist across app relaunches (but does not survive reboot)
Capabilities:
├── Hook functions in 18+ cryptocurrency wallet apps
│   (MetaMask, Phantom, BitKeep, Trust Wallet, ...)
├── Scan Apple Notes for BIP39 seed phrases
├── Scan for keywords: "backup phrase", "bank account", "recovery"
├── Intercept clipboard content
└── Exfiltrate data via C2 server
Proliferation Timeline
??? – 2024: Development (English-speaking developer, professional codebase)
Early 2025: Surveillance vendor sells to state customer → targeted operations
Mid 2025: UNC6353 (Russia) uses for watering hole attacks on Ukrainian users
Late 2025: UNC6691 uses fake Chinese finance websites for crypto theft
March 2026: Google GTIG publishes full analysis
Proliferation pattern: Spy tool → state espionage → organized crime. Exploit kits "trickle down" from nation-state to cybercriminals.
Relationship with Operation Triangulation
Kaspersky analysis shows Coruna shares code components with Operation Triangulation:
- Same style of MMIO-based PPL bypass
- Similar kernel exploitation techniques
- Possibly the same vendor/developer or a shared exploit marketplace
Technical Lessons
1. Modular Exploit Architecture
27 exploits organized modularly:
- Each stage has multiple alternatives
- Runtime fingerprinting selects the right combination
- One WebKit bug patched? → swap to an alternative
→ Resilient against individual patches
2. PAC Bypass via Confused Deputy
Instead of: forging PAC signatures (requires key leak)
Coruna: tricks legitimate code into running with attacker data
→ An entire class of PAC bypasses that do not need keys
3. Coprocessor as SPTM Bypass
SPTM protects CPU memory access
DMA from coprocessors = separate trust boundary
→ Attack coprocessor's IOMMU → bypass SPTM
→ Future research: GPU, ANE, ISP, DSP as kernel attack vectors
4. Documentation Quality
Exploit code has docstrings, comments, English documentation
→ Designed for reuse, maintenance, and handoff
→ Professional software engineering applied to exploitation
→ Raises the bar: exploit development IS software engineering