Matthias Frielingsdorf on the mysterious Coruna iOS exploit kit discovery

(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)

Matthias Frielingsdorf (co-founder and VP of Research at iVerify) joins the show to discuss the mysterious US government connection to 'Coruna', an iOS exploit kit fitted with 23 exploits across five full chains targeting iPhones iOS 13 through 17.2.1.

We talk about a "gut feeling" connecting this to the L3 Trenchant/Peter Williams exploit sale scandal, how a nation-state-grade exploit kit ended up in the hands of a Chinese cybercrime group chasing crypto wallets, and what it means that criminal organizations are now deploying iPhone zero-days at scale.

Matthias walks through what iVerify can and can't do on Apple's locked-down platform, why he thinks Apple needs to give defenders more access, the Lockdown Mode debate, the thorny issue of sample sharing in the research community, and practical advice for everyday iPhone users facing a threat landscape that just got a lot more complicated.

Links:

• Raw Transcript
• Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
• iVerify Details First Known Mass iOS Attack
• Coruna: Inside the Nation-State-Grade iOS Exploit Kit (iVerify)
• Wired: A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals
• Lockdown Mode or Nothing
• Zero-day reality check: iOS exploitation
• About Lockdown Mode (Apple)
• Charlie Miller on hacking iPhones, Macbooks
• TLPBLACK