Apple Confirms iOS and iPadOS Updates Address Coruna Vulnerability for Older Devices

Apple detailed the security content for iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, confirming that the updates address the Coruna security vulnerability disclosed last week by Google and iVerify. Here are the details.

Apple Acted Quickly After the Coruna Vulnerability Became Public

A few days ago, Google and iVerify published details about the Coruna vulnerability, which combines multiple security flaws targeting iPhones running older iOS versions.

In short, this vulnerability exploits a chain of five complete iOS vulnerabilities and 23 security flaws across devices running iOS 13 to iOS 17.2.1.

Earlier today, Apple released iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, stating that they contain only "important security fixes."

Apple has now published the security content of the updates, confirming that they address core and WebKit vulnerabilities related to the Coruna vulnerability and also fix this vulnerability on devices that cannot be updated to the latest iOS version.

Here is the full security content for iOS 15.8.7 and iPadOS 15.8.7:

Core

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An application may execute arbitrary code with kernel privileges. This fix related to the Coruna vulnerability was released in iOS 17 on September 18, 2023. This update brings the fix to devices that cannot be updated to the latest iOS version.

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-41974: Félix Poulin-Bélanger

WebKit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing of maliciously crafted web content may lead to arbitrary code execution. This fix related to the Coruna vulnerability was released in iOS 17.3 on January 22, 2024. This update brings the fix to devices that cannot be updated to the latest iOS version.

Description: A type confusion issue was addressed with improved checks.

WebKit Bugzilla: 267134

CVE-2024-23222

WebKit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing of maliciously crafted web content may lead to memory corruption. This fix related to the Coruna vulnerability was released in iOS 16.6 on July 24, 2023. This update brings the fix to devices that cannot be updated to the latest iOS version.

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 255951

CVE-2023-43000: Apple

WebKit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing of maliciously crafted web content may lead to memory corruption. This fix related to the Coruna vulnerability was released in iOS 17.2 on December 11, 2023. This update brings the fix to devices that cannot be updated to the latest iOS version.

Description: The issue was addressed with improved memory management.

WebKit Bugzilla: 260913

CVE-2023-43010: Apple

Here is the full security content for iOS 16.7.15 and iPadOS 16.7.15:

WebKit

Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad (5th generation), iPad Pro (9.7-inch), and iPad Pro (12.9-inch, 1st generation)

Impact: Processing of maliciously crafted web content may lead to memory corruption. This fix related to the Coruna vulnerability was released in iOS 17.2 on December 11, 2023. This update brings the fix to devices that cannot be updated to the latest iOS version.

Description: The issue was addressed with improved memory management.

WebKit Bugzilla: 260913

CVE-2023-43010: Apple

To learn more about Apple's security releases, follow this link. And if you have an older device that cannot run the latest iOS and iPadOS versions, it is really important to check whether they are up to date.