News

Apple confirms today’s iOS and iPadOS updates fix Coruna exploit – 9to5Mac

News Room
News Room
Apple confirms today’s iOS and iPadOS updates fix Coruna exploit – 9to5Mac

Apple has detailed the security content for iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, confirming that the updates address the Coruna vulnerability disclosed last week by Google and iVerify. Here are the details.

Apple moved quickly after the Coruna exploit became public

A few days ago, Google and iVerify published details on Coruna, an exploit that chained multiple vulnerabilities to target iPhones running older iOS versions.

In a nutshell, the exploit leverages five full iOS exploit chains and 23 vulnerabilities to vulnerable devices running iOS 13 through iOS 17.2.1.

Earlier today, Apple released iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, stating only that the system updates contained “important security fixes”.

Now, Apple has published the security content for the updates, confirming that they address kernel and WebKit vulnerabilities associated with the Coruna exploit, and that they fix it on “devices that cannot update to the latest iOS version.”

Here’s the full security content for iOS 15.8.7 and iPadOS 15.8.7:

Kernel

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges. This fix associated with the Coruna exploit was shipped in iOS 17 on September 18, 2023. This update brings that fix to devices that cannot update to the latest iOS version.

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-41974: Félix Poulin-Bélanger

WebKit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.

Description: A type confusion issue was addressed with improved checks.

WebKit Bugzilla: 267134

CVE-2024-23222

WebKit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 16.6 on July 24, 2023. This update brings that fix to devices that cannot update to the latest iOS version.

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 255951

CVE-2023-43000: Apple

WebKit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023. This update brings that fix to devices that cannot update to the latest iOS version.

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 260913

CVE-2023-43010: Apple

And here’s the full security content for iOS 16.7.15 and iPadOS 16.7.15:

WebKit

Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation

Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023. This update brings that fix to devices that cannot update to the latest iOS version.

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 260913

CVE-2023-43010: Apple

To learn more about Apple’s security releases, follow this link. And if you have an older device that can’t run the latest iOS and iPadOS versions, it is really important that you check whether they’re up to date as well.

Worth checking out on Amazon

Add 9to5Mac as a preferred source on Google
Add 9to5Mac as a preferred source on Google

FTC: We use income earning auto affiliate links. More.

Share This Article
Previous Article Cambridge to house world-leading IonQ quantum computer – UKTN Cambridge to house world-leading IonQ quantum computer – UKTN
Next Article Phantom Blade Zero to launch on Sept. 9, 2026, S-GAME says at TGA 2025 · TechNode Phantom Blade Zero to launch on Sept. 9, 2026, S-GAME says at TGA 2025 · TechNode
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Latest News

We believed that the success of artificial insemination was a genetic lottery. Turns out it depended on your shopping list.
We believed that the success of artificial insemination was a genetic lottery. Turns out it depended on your shopping list.
Gaming
Digital tax in view: EU Parliament demands billions in tax for Big Tech
Digital tax in view: EU Parliament demands billions in tax for Big Tech
Software
The Airbus A400M will be able to drop 50 drones or 12 missiles in mid-flight: the transformation is confirmed
The Airbus A400M will be able to drop 50 drones or 12 missiles in mid-flight: the transformation is confirmed
Mobile
Your own AI avatar in seconds: What already works well today – and what doesn’t
Your own AI avatar in seconds: What already works well today – and what doesn’t
Gadget
Lost your password?