
Matthias Frielingsdorf on the mysterious Coruna iOS exploit kit discovery
From Three Buddy Problem by Security Conversations
March 5, 2026 · 39 min
About this episode
Matthias Frielingsdorf discusses the Coruna iOS exploit kit and its implications for cybersecurity.
( Presented by TLPBLACK : High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows. ) Matthias Frielingsdorf (co-founder and VP of Research at iVerify) joins the show to discuss the mysterious US government connection to 'Coruna', an iOS exploit kit fitted with 23 exploits across five full chains targeting iPhones iOS 13 through 17.2.1. We talk about a "gut feeling" connecting this to the L3 Trenchant/Peter Williams exploit sale scandal, how a nation-state-grade exploit kit ended up in the hands of a Chinese cybercrime group chasing crypto wallets, and what it means that criminal organizations are now deploying iPhone zero-days at scale. Matthias walks through what iVerify can and can't do on Apple's locked-down platform, why he thinks Apple needs to give defenders more access, the Lockdown Mode debate, the thorny issue of sample sharing in the research community, and practical advice for everyday iPhone users facing a threat…
People in this episode
Guest: Matthias Frielingsdorf
Topics covered
- iOS exploit kit
- cybersecurity
- nation-state threats
- malware
- Apple security
- crypto wallets
Keywords
- Coruna
- iOS exploit kit
- zero-days
- cybercrime
- threat intelligence
- Apple security
- malware samples
Sponsors
TLPBLACK
Mentioned in this episode
Organizations: iVerify, Apple, L3 Trenchant
Places: US, China
More episodes of Three Buddy Problem
- Mythos, Fable, and Anthropic's Big Trust Problem · June 12, 2026 · 1h 59m
- Fast16, Fanny, and Stuxnet: Cyber Paleontology Redux · June 5, 2026 · 2h 24m
- Microsoft Threatens Vuln Researchers; Shadow Brokers Revisited · May 30, 2026 · 1h 60m
- Aaron Portnoy on Pwn2Own, the End of Easy Bugs, and AI-Fueled Offense · May 27, 2026 · 40 min
- Perri Adams on Proof Engines, LLMs, and the New Era of Verifiable Code · May 26, 2026 · 40 min
- Find 50,000 Bugs, Fix Zero: Gabriel Bernadett-Shapiro on the AI Vuln Trap · May 26, 2026 · 50 min
Explore listener stats, chart rankings, contacts and more on the Three Buddy Problem podcast page.