Apple has released critical security updates for older iPhone, iPad, and iPod touch models, addressing vulnerabilities exploited by the sophisticated Coruna exploit kit. These updates, including iOS 15.8.7 and iOS 16.7.15, bring crucial patches to devices that can no longer run the latest operating systems, safeguarding them against potential data theft and unauthorized code execution.

Key Takeaways

• Apple has backported security fixes for the Coruna exploit to older iOS and iPadOS versions.

• The updates address vulnerabilities in the Kernel and WebKit components.

• Affected devices include a wide range of older iPhone, iPad, and iPod touch models.

• The Coruna exploit kit has been used in cyberespionage and crypto-theft attacks.

Coruna Exploit Kit Detailed

The Coruna exploit kit is a sophisticated framework that chains together multiple vulnerabilities, reportedly 23 in total across five exploit chains. It targets iPhones running older iOS versions, specifically from iOS 13 up to iOS 17.2.1. Google's Threat Intelligence Group and iVerify discovered that threat actors are actively using Coruna to steal sensitive data from compromised devices, including cryptocurrency wallets.

Vulnerabilities Addressed

The recent updates patch several critical vulnerabilities, including:

• CVE-2023-43010: An unspecified WebKit vulnerability that could lead to memory corruption when processing malicious web content.

• CVE-2023-43000: A use-after-free issue in WebKit, also leading to memory corruption.

• CVE-2023-41974: A use-after-free issue in the kernel, potentially allowing an app to execute arbitrary code with kernel privileges.

• CVE-2024-23222: A type confusion issue in WebKit that could result in arbitrary code execution.

These fixes were originally implemented in newer iOS versions, such as iOS 17.2 and iOS 17.3, but are now being extended to older devices that cannot be updated further.

Affected Devices

The security updates are available for a range of older Apple devices, including:

• iOS 15.8.7 & iPadOS 15.8.7: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).

• iOS 16.7.15 & iPadOS 16.7.15: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.

Urgency for Users

Given that the Coruna exploit kit has been actively used in attacks, including those targeting users in Russia and by financially motivated actors, it is crucial for owners of the affected devices to install these updates immediately. The updates can be found and installed through the device's Settings app under General > Software Update.

Sources

• Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit, The Hacker News.

• Apple patches older iPhones and iPads against Coruna exploits, BleepingComputer.

• Apple confirms today’s iOS and iPadOS updates fix Coruna exploit, 9to5Mac.

• Apple releases iOS 15.8.7 and iOS 16.7.15 for older devices to patch the Coruna exploit, Neowin.

• Apple issues fix for security bug exploiting older iPhone, iPad, and iPod | Tech News, Business Standard.