Apple confirms that today’s iOS and iPadOS updates fix the Coruna exploit

Apple has detailed the security content for iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15 and iPadOS 15.8.7, confirming that the updates address the Coruña vulnerability revealed last week by Google and iVerify. Here are the details.

Apple acted quickly after the Coruña exploit became public

A few days ago, Google and iVerify Details published about La Coruña.an exploit that chained together multiple vulnerabilities targeting iPhones running older versions of iOS.

In a nutshell, the exploit exploits five full iOS exploit chains and 23 vulnerabilities in vulnerable devices running iOS 13 up to iOS 17.2.1.

Early today, thrown apple iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15 and iPadOS 15.8.7, stating only that the system updates contained “important security fixes.”

Now, Apple has released the security content of the updates, confirming that they address the kernel and WebKit vulnerabilities associated with the Coruña exploit, and that they fix it on “devices that cannot be updated to the latest version of iOS.”

Here is the complete security content for iOS 15.8.7 and iPadOS 15.8.7:

Core

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An application may execute arbitrary code with kernel privileges This fix associated with the Coruna exploit shipped in iOS 17 on September 18, 2023. This update brings that fix to devices that cannot update to the latest version of iOS.

Description: A use-after-free issue was fixed with improved memory management.

CVE-2023-41974: Félix Poulin-Bélanger

web kit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest version of iOS.

Description: Fixed a type confusion issue with improved checks.

WebKit Bugzilla: 267134

CVE-2024-23222

web kit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 16.6 on July 24, 2023. This update brings that fix to devices that cannot update to the latest version of iOS.

Description: A use-after-free issue was fixed with improved memory management.

WebKit Bugzilla: 255951

CVE-2023-43000: apple

web kit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit shipped in iOS 17.2 on December 11, 2023. This update brings that fix to devices that cannot update to the latest version of iOS.

Description: The issue was resolved by improving memory handling.

WebKit Bugzilla: 260913

CVE-2023-43010: apple

And here is the complete security content for iOS 16.7.15 and iPadOS 16.7.15:

web kit

Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7 inch, and iPad Pro 12.9 inch 1st generation

Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit shipped in iOS 17.2 on December 11, 2023. This update brings that fix to devices that cannot update to the latest version of iOS.

Description: The issue was resolved by improving memory management.

WebKit Bugzilla: 260913

CVE-2023-43010: apple

For more information about Apple security releases, follow this link. And if you have an older device that can’t run the latest versions of iOS and iPadOS, it’s very important to check if they are up to date as well.

Worth checking out on Amazon