Apple has detailed the security fixes in today's iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7 updates, confirming they address the Coruna exploit that targeted older iPhones and iPads.
Apple has published detailed security content for today's iOS and iPadOS updates, confirming they address the Coruna exploit that was publicly disclosed last week by Google and iVerify. The updates bring critical security fixes to devices that cannot run the latest iOS versions.
What is the Coruna exploit?
The Coruna exploit is a sophisticated attack that combines five separate iOS exploit chains and 23 vulnerabilities in total to target iPhones running older iOS versions. According to the original disclosure, the exploit affects devices running iOS 13 through iOS 17.2.1, making it particularly dangerous for users who haven't updated to the latest software.
Google and iVerify revealed that Coruna chains together multiple vulnerabilities to achieve complete device compromise, allowing attackers to execute arbitrary code and potentially gain full control over affected devices.
Security fixes for iOS 15 and iPadOS 15 devices
For devices running iOS 15.8.7 and iPadOS 15.8.7, Apple has confirmed fixes for both kernel and WebKit vulnerabilities:
Kernel vulnerability (CVE-2023-41974)
- Devices affected: iPhone 6s, iPhone 7, iPhone SE (1st gen), iPad Air 2, iPad mini (4th gen), iPod touch (7th gen)
- Impact: An app may be able to execute arbitrary code with kernel privileges
- Original fix date: September 18, 2023 (iOS 17)
- Description: A use-after-free issue was addressed with improved memory management
WebKit vulnerabilities
- CVE-2024-23222: Type confusion issue fixed January 22, 2024 (iOS 17.3)
- CVE-2023-43000: Use-after-free issue fixed July 24, 2023 (iOS 16.6)
- CVE-2023-43010: Memory handling issue fixed December 11, 2023 (iOS 17.2)
All WebKit fixes target the same set of older devices and address memory corruption issues that could occur when processing maliciously crafted web content.
Security fixes for iOS 16 and iPadOS 16 devices
For slightly newer devices running iOS 16.7.15 and iPadOS 16.7.15, Apple has confirmed a single WebKit fix:
WebKit vulnerability (CVE-2023-43010)
- Devices affected: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th gen, iPad Pro 9.7-inch, iPad Pro 12.9-inch (1st gen)
- Impact: Processing maliciously crafted web content may lead to memory corruption
- Original fix date: December 11, 2023 (iOS 17.2)
- Description: The issue was addressed with improved memory handling
Why these updates matter
Apple's decision to backport these security fixes to older operating systems demonstrates the severity of the Coruna exploit. By releasing these updates, Apple ensures that devices unable to run iOS 17 still receive protection against this sophisticated attack chain.
Users with older devices should immediately update to iOS 15.8.7, iOS 16.7.15, iPadOS 15.8.7, or iPadOS 16.7.15 depending on their device's capabilities. The updates are available now through the Settings app under General > Software Update.
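For anyone responsible for more than one device, the version thresholds above can be checked across an inventory export. The following is an added example, not code from Apple or from the original article; the CSV columns, device names and status labels are hypothetical, and the only facts it encodes are the patched releases (15.8.7, 16.7.15) and the affected range (iOS 13 through 17.2.1) stated in this article.

```python
import csv
import io

# Patched releases per OS branch, as named in the article.
PATCHED = {15: (15, 8, 7), 16: (16, 7, 15)}
# Affected range given in the article: iOS 13 through iOS 17.2.1.
AFFECTED_MIN, AFFECTED_MAX = (13, 0, 0), (17, 2, 1)

# Constructed sample inventory (hypothetical device names and columns).
SAMPLE_INVENTORY = """name,model,os_version
kiosk-01,iPhone 7,15.8.6
kiosk-02,iPhone 7,15.8.7
lab-ipad,iPad 5th gen,16.7.15
field-03,iPhone X,16.7
old-04,iPhone 6s,14.8.1
exec-05,iPhone 15,17.2.1
exec-06,iPhone 15,17.3
"""

def parse_version(text):
    """Turn '16.7' into (16, 7, 0) so versions compare numerically."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(os_version):
    """Return (status, target) for one OS version string."""
    v = parse_version(os_version)
    fixed = PATCHED.get(v[0])
    if fixed and v >= fixed:
        return ("patched", None)
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        # target is None when the article names no update for that branch
        target = ".".join(map(str, fixed)) if fixed else None
        return ("affected", target)
    return ("outside-affected-range", None)

def audit(csv_text):
    """Classify every row of an inventory CSV, keyed by device name."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["name"]: classify(r["os_version"]) for r in rows}

if __name__ == "__main__":
    for name, (status, target) in audit(SAMPLE_INVENTORY).items():
        print(f"{name:10} {status:24} {target or '-'}")
```

Versions are compared as integer tuples because a plain string comparison would rank 16.7.15 below 16.7.2. Devices reported as affected with no target are on a branch for which this article names no update.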
For more information about Apple's security releases, visit Apple's security content page.
