Of the publicly disclosed bugs, nine were previously flagged as exploited, most of them as zero-days. These include CVE-2022-48503, CVE-2024-23222, CVE-2023-32409, CVE-2020-27932, CVE-2020-27950, CVE-2023-32434, CVE-2023-38606, CVE-2024-23225, and CVE-2024-23296.

There appear to have been no public reports of the exploitation of the remaining three CVEs, namely CVE-2021-30952, CVE-2023-41974, and CVE-2023-43000, before this week’s revelations of the Coruna iOS exploit kit targeting them.

Now that CISA has added all three iOS flaws to the KEV catalog, federal agencies have three weeks to identify within their environments any vulnerable devices and to patch them, as mandated by Binding Operational Directive (BOD) 22-01.

On Thursday, CISA also warned that older vulnerabilities in multiple Hikvision and Rockwell products have been exploited in the wild.

While BOD 22-01 only applies to federal agencies, all organizations are advised to prioritize the remediation of bugs in the KEV catalog.


Ionut Arghire is an international correspondent for SecurityWeek.

Source: SecurityWeek