Apple Points Safety Updates for Older iOS Units Focused by Coruna WebKit Exploit

Ravie LakshmananMar 12, 2026Vulnerability / Malware

Apple on Wednesday backported fixes for a safety flaw in iOS, iPadOS, and macOS Sonoma to older variations after it was discovered for use as a part of the Coruna exploit equipment.

The vulnerability, tracked as CVE-2023-43010, pertains to an unspecified vulnerability in WebKit that would end in reminiscence corruption when processing maliciously crafted internet content material. The iPhone maker stated the problem was addressed with improved dealing with. 

“This repair related to the Coruna exploit equipment was shipped in iOS 17.2 on December eleventh, 2023,” Apple stated in an advisory. “This replace brings that repair to gadgets that can’t replace to the most recent iOS model.”

Fixes for CVE-2023-43010 have been initially launched by Apple within the following variations –

The newest spherical of fixes brings it to older variations of iOS and iPadOS –

• iOS 15.8.7 and iPadOS 15.8.7 – iPhone 6s (all fashions), iPhone 7 (all fashions), iPhone SE (1st era), iPad Air 2, iPad mini (4th era), and iPod contact (seventh era)
• iOS 16.7.15 and iPadOS 16.7.15 – iPhone 8, iPhone 8 Plus, iPhone X, iPad fifth era, iPad Professional 9.7-inch, and iPad Professional 12.9-inch 1st era

What’s extra, iOS 15.8.7 and iPadOS 15.8.7 incorporate patches for 3 extra vulnerabilities related to the Coruna exploit equipment –

• CVE-2023-43000 (Initially mounted in iOS 16.6, launched on July 24, 2023) – A use-after-free problem in WebKit that would result in reminiscence corruption when processing maliciously crafted internet content material.
• CVE-2023-41974 (Initially mounted in iOS 17, launched on September 18, 2023) – A use-after-free problem within the kernel that would enable an app to execute arbitrary code with kernel privileges.
• CVE-2024-23222 (Initially mounted in iOS 17.3, launched on January 22, 2024) – A sort confusion problem in WebKit that would result in arbitrary code execution when processing maliciously crafted internet content material.

Particulars of Coruna emerged earlier this month after Google stated the exploit equipment options 23 exploits throughout 5 chains designed to focus on iPhone fashions working iOS variations between 13.0 and 17.2.1. iVerify, which is monitoring the malware framework that makes use of the exploit equipment beneath the identify CryptoWaters, stated it is similar to earlier frameworks developed by menace actors affiliated with the U.S. authorities

The event comes amid hypothesis that Coruna was possible designed by U.S. army contractor L3Harris and that it might have been handed to Russian exploit dealer Operation Zero by Peter Williams, a former normal supervisor on the firm who was sentenced to greater than seven years in jail final month for promoting a number of exploits in alternate for cash.

An fascinating side of Coruna is the usage of two exploits (CVE-2023-32434 and CVE-2023-38606) that have been weaponized as zero-days in a marketing campaign dubbed Operation Triangulation concentrating on customers in Russia in 2023. Kaspersky instructed The Hacker Information that it is potential for any sufficiently expert group to provide you with their very own exploits, on condition that each the issues have publicly accessible implementations.

“Regardless of our intensive analysis, we’re unable to attribute Operation Triangulation to any identified APT group or exploit improvement firm,” Boris Larin, principal safety researcher at Kaspersky GReAT, instructed The Hacker Information in an electronic mail.

“To be exact: neither Google nor iVerify of their printed analysis claims that Coruna reuses Triangulation’s code. What they determine is that two exploits in Coruna — Photon and Gallium — goal the identical vulnerabilities. That is an necessary distinction. In our opinion, attribution can’t be based mostly solely on the actual fact of exploitation of those vulnerabilities.”