Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Staff Editor 2026-03-12
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

https://thehackernews.com/2026/03/apple-issues-security-updates-for-older.html

Publish Date: 2026-03-12 05:58:00

Source Domain: thehackernews.com

Ravie LakshmananMar 12, 2026Vulnerability / Malware

Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit.

The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content. The iPhone maker said the issue was addressed with improved handling. 

“This fix associated with the Coruna exploit kit was shipped in iOS 17.2 on December 11th, 2023,” Apple said in an advisory. “This update brings that fix to devices that cannot update to the latest iOS version.”

Fixes for CVE-2023-43010 were originally released by Apple in the following versions –

The latest round of fixes brings it to older versions of iOS and iPadOS –

  • iOS 15.8.7 and iPadOS 15.8.7 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
  • iOS 16.7.15 and iPadOS 16.7.15 – iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation

What’s more, iOS 15.8.7 and iPadOS 15.8.7 incorporate patches for three more vulnerabilities associated with the Coruna exploit kit –

  • CVE-2023-43000 (Originally fixed in iOS 16.6, released on July 24, 2023) – A use-after-free issue in WebKit that could lead to memory corruption when processing maliciously crafted web content.
  • CVE-2023-41974 (Originally fixed in iOS 17, released on September 18, 2023) – A use-after-free issue in the kernel that could allow an app to execute arbitrary code with kernel privileges.
  • CVE-2024-23222 (Originally fixed in iOS 17.3, released on January 22, 2024) – A type confusion issue in WebKit that could lead to arbitrary code execution when processing maliciously crafted web content.

Details of Coruna emerged earlier this month after Google said the exploit kit…

Source

More Stories

Automotive Cybersecurity News Q1 2026 – Vehicle Vulnerabilities Double Year-on-Year And Hackers “Brick” Thousands of Cars | Press Releases

Automotive Cybersecurity News Q1 2026 – Vehicle Vulnerabilities Double Year-on-Year And Hackers “Brick” Thousands of Cars | Press Releases

Staff Editor 2026-06-06
Project Glasswing: Key cybersecurity agencies set to get access to Anthropic’s Mythos | Business News

Project Glasswing: Key cybersecurity agencies set to get access to Anthropic’s Mythos | Business News

Staff Editor 2026-06-06
Did Insight’s New AI Cybersecurity Service and Credit Tweaks Just Reframe Insight Enterprises’ (NSIT) Growth Story?

Did Insight’s New AI Cybersecurity Service and Credit Tweaks Just Reframe Insight Enterprises’ (NSIT) Growth Story?

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy