Apple has released urgent security updates for older iPhones and iPads to address multiple vulnerabilities actively exploited in the wild via the Coruna exploit kit—a sophisticated attack framework used by both espionage groups and cybercriminals. Read this Cybersecurity Threat Advisory to protect you and your clients’ environments.
What is the threat?
The vulnerabilities addressed in this update include multiple WebKit and kernel flaws leveraged by the Coruna exploit kit, a powerful multi‑stage attack chain capable of:
- Remote code execution through maliciously crafted web content
- Kernel‑level privilege escalation
- Installation of persistent malware
Key vulnerabilities include:
- CVE‑2023‑43010 – WebKit memory corruption
- CVE‑2023‑43000 – WebKit use‑after‑free
- CVE‑2024‑23222 – WebKit type confusion
- CVE‑2023‑41974 – Kernel use‑after‑free
To protect devices that cannot upgrade to the latest iOS releases, Apple has backported fixes to iOS and iPadOS 15.8.7 and 16.7.15.
Why is it noteworthy?
This campaign is concerning for several reasons:
- Google and iVerify have confirmed real‑world attacks using Coruna against iPhones running older iOS versions
- Coruna includes 23 exploits across five chains, originally associated with espionage groups before spreading to cybercriminals
- Exploitation requires no user interaction beyond visiting a malicious or compromised website
- Many affected devices cannot upgrade to iOS 17 or newer, making backported patches essential
- Impacted devices include iPhone 6s, 7, SE (1st generation), 8, X, and multiple iPad models
What is the exposure or risk?
Organizations may be at risk if they rely on:
- Older iPhones or iPads running iOS 13 through iOS 16
- Devices without automatic updates enabled
- Mobile devices used to access corporate email, VPNs, or authentication applications
If exploited, these vulnerabilities could result in full device compromise, data exposure, and persistent attacker access.
What are the recommendations?
Barracuda strongly recommends taking the following actions to mitigate risk:
- Install the latest backported updates: iOS and iPadOS 15.8.7 or 16.7.15
- Enable automatic updates on all supported devices
- Encourage high‑risk users to enable Lockdown Mode on their devices
References
For more in-depth information about the recommendations, please visit the following links:
- Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
- Update iOS to protect your iPhone from web attacks – Apple Support
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.