Apple released security updates for legacy iPhone and iPad models to patch vulnerabilities exploited by the Coruna toolkit. Coruna is a 23-exploit, nation‑state‑grade kit linked to surveillance vendors and state-aligned actors that enables remote code execution on iOS devices, and Apple has backported fixes for older iOS and iPadOS releases. #Coruna #iOS
Keypoints
- Apple issued updates for legacy iOS and iPadOS to address vulnerabilities used by the Coruna exploit kit.
- Coruna bundles 23 exploits across five attack chains, enabling mass exploitation of iPhones from iOS 13.0 through 17.2.1.
- The toolkit traces to commercial surveillance vendors and has been used by nation‑state actors and China‑linked cybercriminals.
- Patched flaws include a kernel vulnerability (CVE-2023-41974) and three WebKit issues (CVE-2024-23222, CVE-2023-43000, CVE-2023-43010).
- Google observed active exploitation and CISA added several Coruna flaws to its KEV catalog, prompting Apple to backport fixes for older devices.
Read More: https://www.securityweek.com/apple-updates-older-ios-versions-to-patch-coruna-exploits/