Apple just released a batch of security updates for older iOS to protect devices that don’t support iOS 26 from a severe exploit kit known as Coruna.
Here’s what iOS updates were released today:
- iOS 15.8.7
- iPadOS 15.8.7
- iOS 16.7.15
- iPadOS 16.7.15
Google Threat Intelligence Group recently discovered the Coruna exploit kit. This malicious framework chains together 23 different vulnerabilities to attack target devices. Security researchers discovered that threat actors are actively using Coruna to steal data from compromised phones.
Apple originally patched these specific security flaws in the iOS 17 branch between late 2023 and early 2024. And now, almost three years later, the company is releasing the fix for older devices.
Here are the changelogs for 16.7.15 and iPadOS 16.7.15 updates:
“WebKit
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023. This update brings that fix to devices that cannot update to the latest iOS version.
Description: The issue was addressed with improved memory handling.”
Here are the changelogs for iOS 15.8.7 and iPadOS 15.8.7 updates:
“Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges. This fix associated with the Coruna exploit was shipped in iOS 17 on September 18, 2023. This update brings that fix to devices that cannot update to the latest iOS version.
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-41974: Félix Poulin-Bélanger
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 267134
CVE-2024-23222
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 16.6 on July 24, 2023. This update brings that fix to devices that cannot update to the latest iOS version.
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 255951
CVE-2023-43000: Apple
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023. This update brings that fix to devices that cannot update to the latest iOS version.
Description: The issue was addressed with improved memory handling.”
If you’re using one of the mentioned devices, make sure to update your iPhone by going to Settings > General > Software Update.
0 Comments
Load the comments and join the conversation!
Read the comments, ask the editors questions, show respect and join the conversation.