CISA has ordered U.S. federal agencies to patch three critical iOS security vulnerabilities that are being actively exploited in cyberespionage and cryptocurrency theft attacks. The vulnerabilities are being targeted through the Coruna exploit kit in sophisticated attack campaigns. The flaws affect Apple iOS devices and pose significant risks to government and private sector organizations. Federal agencies have been given a mandatory deadline to implement patches to protect against ongoing exploitation. The attacks demonstrate the continued targeting of mobile devices for both espionage and financial theft purposes.