Apple Releases Critical iOS and iPadOS Updates to Patch Coruna Exploit on Older Devices
In a decisive move to bolster the security of its devices, Apple has rolled out iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7. These updates specifically target and rectify the Coruna exploit, a sophisticated vulnerability recently brought to light by Google and iVerify. This proactive step underscores Apple’s commitment to safeguarding users, particularly those operating older hardware models.
Understanding the Coruna Exploit
The Coruna exploit is a complex attack mechanism that chains together multiple vulnerabilities to compromise iPhones running outdated iOS versions. It employs five complete iOS exploit chains and leverages 23 distinct vulnerabilities, affecting devices operating on iOS versions from 13 up to 17.2.1. The exploit initiates when a user visits a malicious website embedded with concealed JavaScript. This script assesses the device’s model, system version, and security configurations. Upon identifying a susceptible device, the exploit navigates through various routes to bypass iOS’s core protections, escalate privileges, and install malware capable of data extraction or downloading additional malicious modules.
Apple’s Swift Response
Upon the public disclosure of the Coruna exploit, Apple acted promptly. The company released the aforementioned updates, initially describing them as containing important security fixes. Subsequently, Apple provided detailed security content for these updates, confirming that they address kernel and WebKit vulnerabilities associated with the Coruna exploit. These fixes are particularly crucial for devices that cannot upgrade to the latest iOS versions.
Detailed Security Content
For iOS 15.8.7 and iPadOS 15.8.7, the security content includes:
– Kernel Vulnerability:
– Affected Devices: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
– Impact: Potential for an app to execute arbitrary code with kernel privileges.
– Resolution: Addressed a use-after-free issue with improved memory management.
– CVE Identifier: CVE-2023-41974, credited to Félix Poulin-Bélanger.
– WebKit Vulnerabilities:
– Affected Devices: Same as above.
– Impact: Processing maliciously crafted web content could lead to arbitrary code execution or memory corruption.
– Resolutions:
– Type confusion issue addressed with improved checks.
– Use-after-free issue addressed with enhanced memory management.
– Improved memory handling to prevent memory corruption.
– CVE Identifiers: CVE-2024-23222, CVE-2023-43000, CVE-2023-43010.
For iOS 16.7.15 and iPadOS 16.7.15, the security content includes:
– WebKit Vulnerability:
– Affected Devices: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
– Impact: Processing maliciously crafted web content may lead to memory corruption.
– Resolution: Improved memory handling to prevent memory corruption.
– CVE Identifier: CVE-2023-43010.
The Importance of Keeping Devices Updated
This incident highlights the critical importance of maintaining up-to-date software on all devices. Exploits like Coruna specifically target vulnerabilities in older software versions. By ensuring devices are updated to the latest available software, users can protect themselves against such sophisticated attacks. Apple’s swift response in releasing these updates demonstrates the company’s dedication to user security, even for those using older devices.
Conclusion
Apple’s release of iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7 is a significant step in addressing the Coruna exploit. Users of older devices are strongly encouraged to install these updates promptly to safeguard their devices against potential threats. This proactive approach by Apple reinforces the importance of regular software updates in maintaining device security.
