Apple's security notes state that the updates patch kernel and WebKit vulnerabilities linked to the Coruna exploit.
Apple's iPhone 13 lineup shipped with iOS 15 out-of-the-box
Apple on Wednesday released new updates for iPhone models still running the iOS 16 and iOS 15 operating systems. These are aimed at older iPhones that are not compatible with newer versions of Apple's firmware. The Cupertino-based tech giant has confirmed that the updates address vulnerabilities, recently disclosed by researchers, that are associated with the Coruna exploit. Similar updates have also been released for older iPad models running iPadOS 16 and iPadOS 15 firmware.
According to the security researchers, the Coruna attack combined multiple vulnerabilities to compromise devices running versions between iOS 13 and iOS 17.2.1. To address this, Apple has released iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7 updates, stating that they contain “important security fixes.” Detailed security notes released by the iPhone maker reveal that they patched kernel and WebKit vulnerabilities linked to the Coruna exploit.
One major patch addresses a kernel vulnerability that could allow an app to execute arbitrary code with kernel privileges. As per Apple, the issue was caused by a use-after-free bug, which it says has been addressed with improved memory management. The vulnerability is tracked as CVE-2023-41974.
Additionally, several WebKit-related vulnerabilities have been patched as part of the updates. These flaws could allow maliciously crafted web content to trigger arbitrary code execution or memory corruption, Apple's security page states.
One of the WebKit bugs, tracked as CVE-2024-23222, was caused by a type confusion issue and has been fixed through improved checks. Additional WebKit vulnerabilities tracked as CVE-2023-43000 and CVE-2023-43010 were caused by use-after-free and memory handling issues, respectively.
While fixes for some of these had previously been introduced in newer iOS releases, Apple said the latest updates extend those protections to older devices that are no longer eligible for the latest software versions.
The Coruna exploit was discovered by Google Threat Intelligence Group (GTIG) earlier this month. According to the researchers, it combines multiple vulnerabilities to target iPhone models running older versions of iOS. According to Google's blog post, the exploit chains together five full iOS exploit chains and a total of 23 vulnerabilities.
These vulnerabilities affect devices running software versions between iOS 13 and iOS 17.2.1, released between September 2019 and December 2023.
By exploiting these flaws, attackers could potentially gain deeper access to a device and execute malicious code, the tech giant revealed. Security researchers said the exploit chain could allow attackers to bypass several layers of system protection if the vulnerabilities are successfully triggered.
Apple recommends that users install the latest available updates on their iPhone and iPad models, particularly if they are running older iOS or iPadOS versions.