GoKawiilApple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.
Some of these security flaws have already been addressed in earlier updates for newer iOS device models, starting in September 2023.
"This fix associated with the Coruna exploit," Apple said in security advisories released on Wednesday. "This update brings that fix to devices that cannot update to the latest iOS version,"
Apple said the patches will fix iOS security issues targeted by multiple exploit chains, many used in zero-day attacks aiming to help attackers escalate permissions to Kernel privileges or gain remote code execution on vulnerable devices.
The list of vulnerabilities addressed by these backported security patches includes:
CVE-2023-41974: A Kernel use-after-free issue addressed with improved memory management
CVE-2024-23222: A WekKit type confusion issue addressed with improved checks
CVE-2023-43000: A WebKit use-after-free issue addressed with improved memory management
CVE-2023-43010: A WebKit issue was addressed with improved memory handling
The list of devices impacted by these vulnerabilities is also quite extensive, as it includes a wide range of older models running iOS 15.8.7/16.7.15 and iPadOS 15.8.7/16.7.15:
... continue reading