Apple has provided details on the security content for iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, confirming that the updates address the Coruna vulnerability disclosed recently. Here’s what you need to know.
Apple’s Swift Response to Coruna Exploit Disclosure
Recently, Google and iVerify shared information about the Coruna exploit, a method that utilized multiple vulnerabilities to target iPhones running older iOS versions.
In essence, the exploit makes use of five complete iOS exploit chains and 23 vulnerabilities to target devices running iOS 13 through iOS 17.2.1.
Earlier today, Apple rolled out iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, indicating that the updates contain “important security fixes.”
Now, Apple has released the security details for the updates, confirming that they tackle kernel and WebKit vulnerabilities linked to the Coruna exploit and resolve it on “devices that cannot update to the latest iOS version.”
Here’s the comprehensive security content for iOS 15.8.7 and iPadOS 15.8.7:
Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges. This fix related to the Coruna exploit was initially included in iOS 17 on September 18, 2023. This update extends that fix to devices unable to update to the latest iOS version.
Description: Addressed a use-after-free issue with enhanced memory management.
CVE-2023-41974: Félix Poulin-Bélanger
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing malicious web content may result in arbitrary code execution. This fix linked to the Coruna exploit was first included in iOS 17.3 on January 22, 2024. This update extends that fix to devices unable to update to the latest iOS version.
Description: Addressed a type confusion issue with improved checks.
WebKit Bugzilla: 267134
CVE-2024-23222
And here’s the complete security content for iOS 16.7.15 and iPadOS 16.7.15:
WebKit
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
Impact: Processing malicious web content may lead to memory corruption. This fix related to the Coruna exploit was initially included in iOS 17.2 on December 11, 2023. This update extends that fix to devices unable to update to the latest iOS version.
Description: Addressed an issue with improved memory handling.
WebKit Bugzilla: 260913
CVE-2023-43010: Apple
To stay informed about Apple’s security releases, visit their official website. And for users with older devices unable to run the latest iOS and iPadOS versions, it’s crucial to ensure that their devices are up to date as well.
Check Out These Deals on Amazon
FTC: We use income earning auto affiliate links. More.
