{"id":47493,"date":"2026-03-09T09:39:15","date_gmt":"2026-03-09T02:39:15","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47493"},"modified":"2026-03-11T09:40:21","modified_gmt":"2026-03-11T02:40:21","slug":"coruna-vu-khi-khai-thac-chua-23-lo-hong-tan-cong-iphone-tu-ios-13-den-17","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/coruna-vu-khi-khai-thac-chua-23-lo-hong-tan-cong-iphone-tu-ios-13-den-17\/","title":{"rendered":"Coruna: V\u0169 kh\u00ed khai th\u00e1c ch\u1ee9a 23 l\u1ed7 h\u1ed5ng t\u1ea5n c\u00f4ng iPhone t\u1eeb iOS 13 \u0111\u1ebfn 17"},"content":{"rendered":"<div><b>M\u1ed9t b\u1ed9 c\u00f4ng c\u1ee5 khai th\u00e1c l\u1ed7 h\u1ed5ng iOS c\u00f3 \u0111\u1ed9 tinh vi cao mang t\u00ean Coruna \u0111ang b\u1ecb nhi\u1ec1u nh\u00f3m tin t\u1eb7c s\u1eed d\u1ee5ng trong c\u00e1c chi\u1ebfn d\u1ecbch t\u1ea5n c\u00f4ng nh\u1eb1m \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u v\u00e0 t\u00e0i s\u1ea3n ti\u1ec1n \u0111i\u1ec7n t\u1eed. Th\u00f4ng tin \u0111\u01b0\u1ee3c c\u00f4ng b\u1ed1 trong nghi\u00ean c\u1ee9u m\u1edbi c\u1ee7a Google Threat Intelligence Group (GTIG).<\/b><br \/>\n\u200b<\/div>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1772780649388.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1772780649388-png.18555\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"1772780649388.png\" src=\"https:\/\/whitehat.vn\/attachments\/1772780649388-png.18555\/\" alt=\"1772780649388.png\" width=\"756\" height=\"392\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<p>\u200bTheo Google, Coruna ban \u0111\u1ea7u xu\u1ea5t hi\u1ec7n trong c\u00e1c ho\u1ea1t \u0111\u1ed9ng gi\u00e1m s\u00e1t th\u01b0\u01a1ng m\u1ea1i v\u00e0 m\u1ed9t s\u1ed1 chi\u1ebfn d\u1ecbch gi\u00e1n \u0111i\u1ec7p m\u1ea1ng. Tuy nhi\u00ean, b\u1ed9 c\u00f4ng c\u1ee5 n\u00e0y sau \u0111\u00f3 \u0111\u00e3 r\u01a1i v\u00e0o tay c\u00e1c nh\u00f3m t\u1ed9i ph\u1ea1m m\u1ea1ng v\u00e0 b\u1ecb t\u00e1i s\u1eed d\u1ee5ng trong c\u00e1c chi\u1ebfn d\u1ecbch l\u1eeba \u0111\u1ea3o nh\u1eb1m \u0111\u00e1nh c\u1eafp ti\u1ec1n \u0111i\u1ec7n t\u1eed v\u00e0 d\u1eef li\u1ec7u ng\u01b0\u1eddi d\u00f9ng. Di\u1ec5n bi\u1ebfn n\u00e0y cho th\u1ea5y m\u1ed9t xu h\u01b0\u1edbng \u0111\u00e1ng ch\u00fa \u00fd: c\u00e1c c\u00f4ng c\u1ee5 khai th\u00e1c t\u1eebng ph\u1ee5c v\u1ee5 ho\u1ea1t \u0111\u1ed9ng gi\u00e1n \u0111i\u1ec7p \u0111ang d\u1ea7n b\u1ecb t\u1ed9i ph\u1ea1m m\u1ea1ng t\u1eadn d\u1ee5ng \u0111\u1ec3 t\u1ea5n c\u00f4ng ng\u01b0\u1eddi d\u00f9ng ph\u1ed5 th\u00f4ng.\u200b<\/p><\/div>\n<div>B\u1ed9 c\u00f4ng c\u1ee5 khai th\u00e1c g\u1ed3m 5 chu\u1ed7i t\u1ea5n c\u00f4ng v\u00e0 23 l\u1ed7 h\u1ed5ng iOS\u200b<\/div>\n<div>Coruna \u0111\u01b0\u1ee3c m\u00f4 t\u1ea3 l\u00e0 m\u1ed9t exploit kit ho\u00e0n ch\u1ec9nh d\u00e0nh cho iOS bao g\u1ed3m 5 chu\u1ed7i khai th\u00e1c v\u00e0 t\u1ed5ng c\u1ed9ng 23 l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt. Ph\u1ea7n l\u1edbn c\u00e1c l\u1ed7 h\u1ed5ng n\u1eb1m trong WebKit &#8211; th\u00e0nh ph\u1ea7n l\u00f5i x\u1eed l\u00fd n\u1ed9i dung web c\u1ee7a Safari v\u00e0 nhi\u1ec1u \u1ee9ng d\u1ee5ng iOS kh\u00e1c.<br \/>\nDanh s\u00e1ch n\u00e0y bao g\u1ed3m c\u1ea3 c\u00e1c l\u1ed7 h\u1ed5ng \u0111\u00e3 \u0111\u01b0\u1ee3c g\u00e1n m\u00e3 CVE v\u00e0 m\u1ed9t s\u1ed1 l\u1ed7i ch\u01b0a t\u1eebng \u0111\u01b0\u1ee3c c\u00f4ng b\u1ed1. M\u1ed9t s\u1ed1 l\u1ed7 h\u1ed5ng \u0111\u00e1ng ch\u00fa \u00fd g\u1ed3m CVE-2024-23222, CVE-2023-32409, CVE-2023-43000 v\u00e0 c\u00e1c l\u1ed7i t\u1eebng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng trong chi\u1ebfn d\u1ecbch gi\u00e1n \u0111i\u1ec7p Operation Triangulation.<br \/>\nKhai th\u00e1c c\u00e1c l\u1ed7 h\u1ed5ng n\u00e0y cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng th\u1ef1c thi m\u00e3 t\u1eeb xa v\u00e0 tho\u00e1t kh\u1ecfi c\u01a1 ch\u1ebf sandbox c\u1ee7a iOS th\u00f4ng qua n\u1ed9i dung web \u0111\u01b0\u1ee3c t\u1ea1o. Theo \u0111\u00e1nh gi\u00e1 c\u1ee7a Google, b\u1ed9 c\u00f4ng c\u1ee5 c\u00f3 th\u1ec3 nh\u1eafm t\u1edbi c\u00e1c thi\u1ebft b\u1ecb iPhone ch\u1ea1y t\u1eeb iOS 13 \u0111\u1ebfn iOS 17.2.1 v\u1edbi m\u1ee9c \u0111\u1ed9 hi\u1ec7u qu\u1ea3 kh\u00e1c nhau.\u200b<\/div>\n<div>T\u1eeb c\u00f4ng c\u1ee5 gi\u00e1n \u0111i\u1ec7p \u0111\u1ebfn t\u1ed9i ph\u1ea1m t\u00e0i ch\u00ednh\u200b<\/div>\n<div>C\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u l\u1ea7n \u0111\u1ea7u ph\u00e1t hi\u1ec7n Coruna v\u00e0o th\u00e1ng 2\/2025 khi n\u00f3 \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng b\u1edfi kh\u00e1ch h\u00e0ng c\u1ee7a m\u1ed9t c\u00f4ng ty cung c\u1ea5p ph\u1ea7n m\u1ec1m gi\u00e1m s\u00e1t. \u0110\u1ebfn th\u00e1ng 7\/2025, c\u00f4ng c\u1ee5 n\u00e0y ti\u1ebfp t\u1ee5c xu\u1ea5t hi\u1ec7n trong c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng watering hole &#8211; h\u00ecnh th\u1ee9c c\u00e0i m\u00e3 khai th\u00e1c l\u00ean website \u0111\u1ec3 t\u1ea5n c\u00f4ng ng\u01b0\u1eddi truy c\u1eadp nh\u1eafm v\u00e0o m\u1ed9t s\u1ed1 trang web t\u1ea1i Ukraine.<br \/>\n\u0110\u00e1ng ch\u00fa \u00fd, \u0111\u1ebfn th\u00e1ng 12\/2025, Coruna \u0111\u00e3 \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng trong c\u00e1c chi\u1ebfn d\u1ecbch l\u1eeba \u0111\u1ea3o quy m\u00f4 l\u1edbn th\u00f4ng qua c\u00e1c website c\u1edd b\u1ea1c v\u00e0 ti\u1ec1n \u0111i\u1ec7n t\u1eed gi\u1ea3 m\u1ea1o b\u1eb1ng ti\u1ebfng Trung.<br \/>\nTrong c\u00e1c chi\u1ebfn d\u1ecbch n\u00e0y, b\u1ed9 c\u00f4ng c\u1ee5 khai th\u00e1c ph\u00e1t t\u00e1n m\u1ed9t payload \u0111\u1ed9c h\u1ea1i c\u00f3 kh\u1ea3 n\u0103ng qu\u00e9t \u1ea3nh tr\u00ean thi\u1ebft b\u1ecb \u0111\u1ec3 t\u00ecm m\u00e3 QR v\u00ed ti\u1ec1n \u0111i\u1ec7n t\u1eed, d\u00f2 c\u00e1c t\u1eeb kh\u00f3a nh\u01b0 \u201cbackup phrase\u201d ho\u1eb7c \u201cbank account\u201d, \u0111\u1ed3ng th\u1eddi \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u t\u1eeb c\u00e1c \u1ee9ng d\u1ee5ng v\u00ed ph\u1ed5 bi\u1ebfn nh\u01b0 MetaMask v\u00e0 BitKeep.<br \/>\nWhiteHat \u0111\u00e1nh gi\u00e1 Coruna \u0111\u00e3 chuy\u1ec3n t\u1eeb c\u00f4ng c\u1ee5 ph\u1ee5c v\u1ee5 ho\u1ea1t \u0111\u1ed9ng gi\u00e1n \u0111i\u1ec7p sang c\u00f4ng c\u1ee5 h\u1ed7 tr\u1ee3 t\u1ed9i ph\u1ea1m t\u00e0i ch\u00ednh quy m\u00f4 l\u1edbn.\u200b<\/div>\n<div>Apple \u0111\u00e3 v\u00e1 c\u00e1c l\u1ed7 h\u1ed5ng li\u00ean quan\u200b<\/div>\n<div>Google cho bi\u1ebft ph\u1ea7n l\u1edbn c\u00e1c l\u1ed7 h\u1ed5ng b\u1ecb Coruna khai th\u00e1c \u0111\u00e3 \u0111\u01b0\u1ee3c Apple v\u00e1 trong c\u00e1c b\u1ea3n c\u1eadp nh\u1eadt iOS g\u1ea7n \u0111\u00e2y, do \u0111\u00f3 b\u1ed9 c\u00f4ng c\u1ee5 n\u00e0y kh\u00f4ng c\u00f2n hi\u1ec7u qu\u1ea3 v\u1edbi c\u00e1c phi\u00ean b\u1ea3n iOS m\u1edbi nh\u1ea5t.<br \/>\nNg\u01b0\u1eddi d\u00f9ng n\u00ean c\u1eadp nh\u1eadt iPhone l\u00ean phi\u00ean b\u1ea3n iOS m\u1edbi nh\u1ea5t, \u0111\u1ed3ng th\u1eddi c\u00f3 th\u1ec3 b\u1eadt ch\u1ebf \u0111\u1ed9 phong t\u1ecfa ho\u1eb7c s\u1eed d\u1ee5ng ch\u1ebf \u0111\u1ed9 duy\u1ec7t web ri\u00eang t\u01b0 khi truy c\u1eadp c\u00e1c website kh\u00f4ng \u0111\u00e1ng tin c\u1eady \u0111\u1ec3 gi\u1ea3m nguy c\u01a1 b\u1ecb khai th\u00e1c.<br \/>\n\u200b<\/div>\n<div><b><i>Theo Help Net Security<\/i><\/b><\/div>\n","protected":false},"excerpt":{"rendered":"<p>M\u1ed9t b\u1ed9 c\u00f4ng c\u1ee5 khai th\u00e1c l\u1ed7 h\u1ed5ng iOS c\u00f3 \u0111\u1ed9 tinh vi cao mang t\u00ean Coruna \u0111ang b\u1ecb nhi\u1ec1u nh\u00f3m tin t\u1eb7c s\u1eed d\u1ee5ng trong c\u00e1c chi\u1ebfn d\u1ecbch t\u1ea5n c\u00f4ng nh\u1eb1m \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u v\u00e0 t\u00e0i s\u1ea3n ti\u1ec1n \u0111i\u1ec7n t\u1eed. Th\u00f4ng tin \u0111\u01b0\u1ee3c c\u00f4ng b\u1ed1 trong nghi\u00ean c\u1ee9u m\u1edbi c\u1ee7a Google Threat Intelligence [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":47494,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,24,35],"tags":[],"class_list":["post-47493","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47493","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47493"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47493\/revisions"}],"predecessor-version":[{"id":47495,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47493\/revisions\/47495"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47494"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47493"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47493"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47493"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}