Apple has detailed the security content for iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, confirming that the updates address the Coruna vulnerability disclosed last week by Google and iVerify. Here are the details.
Apple moved quickly after the Coruna exploit became public
A few days ago, Google and iVerify published details on Coruna, an exploit that chained multiple vulnerabilities to target iPhones running older iOS versions.
In a nutshell, the exploit leverages five full iOS exploit chains and 23 vulnerabilities to vulnerable devices running iOS 13 through iOS 17.2.1.
Earlier today, Apple released iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, stating only that the system updates contained “important security fixes”.
Now, Apple has published the security content for the updates, confirming that they address kernel and WebKit vulnerabilities associated with the Coruna exploit, and that they fix it on “devices that cannot update to the latest iOS version.”
Here’s the full security content for iOS 15.8.7 and iPadOS 15.8.7:
Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)Impact: An app may be able to execute arbitrary code with kernel privileges. This fix associated with the Coruna exploit was shipped in iOS 17 on September 18, 2023. This update brings that fix to devices that cannot update to the latest iOS version.Description: A use-after-free issue was addressed with improved memory management.CVE-2023-41974: Félix Poulin-BélangerWebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)Impact: Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.Description: A type confusion issue was addressed with improved checks.WebKit Bugzilla: 267134CVE-2024-23222WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 16.6 on July 24, 2023. This update brings that fix to devices that cannot update to the latest iOS version.Description: A use-after-free issue was addressed with improved memory management.WebKit Bugzilla: 255951CVE-2023-43000: AppleWebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023. This update brings that fix to devices that cannot update to the latest iOS version.Description: The issue was addressed with improved memory handling.WebKit Bugzilla: 260913CVE-2023-43010: Apple
And here’s the full security content for iOS 16.7.15 and iPadOS 16.7.15:
WebKit
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generationImpact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023. This update brings that fix to devices that cannot update to the latest iOS version.Description: The issue was addressed with improved memory handling.WebKit Bugzilla: 260913CVE-2023-43010: Apple
To learn more about Apple’s security releases, follow this link. And if you have an older device that can’t run the latest iOS and iPadOS versions, it is really important that you check whether they’re up to date as well.
Post a Comment