{"id":242,"date":"2026-03-12T10:50:09","date_gmt":"2026-03-12T10:50:09","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=242"},"modified":"2026-03-12T10:50:09","modified_gmt":"2026-03-12T10:50:09","slug":"apple-issues-security-updates-for-older-ios-devices-targeted-by-coruna-webkit-exploit","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=242","title":{"rendered":"Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Mar 12, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Malware<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhYxpx0H72-jraYxYXM_LUEtyv1M503LKgvsrmHcmXew61h2RfR4Q5uyuLKb6h6qltO1UedF9lMjEC3MoOgxDNO8zB4BzKjkVusHicqzNXSK3Tojlq10A7xDds9wDdyKTGtwWTKMAvoR5-l5nK7gnZQOUDbTbOXGWAezt1MjNJQpPh3MalEkI-nhOmTZ7fW\/s1700-e365\/iphones.jpg\" style=\"clear: left; display: block; float: left;  text-align: center;\"><\/a><\/div>\n<p>Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit.<\/p>\n<p>The vulnerability, tracked as <strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-43010\" rel=\"noopener\" target=\"_blank\">CVE-2023-43010<\/a><\/strong>, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content. The iPhone maker said the issue was addressed with improved handling.\u00a0<\/p>\n<p>\u00abThis fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023,\u00bb Apple said in an advisory. \u00abThis update brings that fix to devices that cannot update to the latest iOS version.\u00bb<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/not-fast-enough-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhlXM830ruQd2xT6M7JNeNRjaFa1onD12WjSCHihTFMTzbyfT9h-irPmXy_h3E1HGSs6sdv7FTmnyNVTM5kmSb7BuUtZe8gKoTQt99P1sSzRcqqXpOJP6eoAOhR3DGb6qHx9kOZ_HBZUMmVnsnd0DM7QfUp81bgzTvvgLww6oqB-EhnDfWXH5pWCYhAsyLs\/s728-e100\/tl-d.jpg\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>Fixes for CVE-2023-43010 were originally released by Apple in the following versions &#8211;<\/p>\n<p>The latest round of fixes brings it to older versions of iOS and iPadOS &#8211;<\/p>\n<ul>\n<li><a href=\"https:\/\/support.apple.com\/en-us\/126632\" rel=\"noopener\" target=\"_blank\">iOS 15.8.7 and iPadOS 15.8.7<\/a> &#8211; iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)<\/li>\n<li><a href=\"https:\/\/support.apple.com\/en-us\/126646\" rel=\"noopener\" target=\"_blank\">iOS 16.7.15 and iPadOS 16.7.15<\/a> &#8211; iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation<\/li>\n<\/ul>\n<p>What&#8217;s more, iOS 15.8.7 and iPadOS 15.8.7 incorporate patches for three more vulnerabilities associated with the Coruna exploit &#8211;<\/p>\n<ul>\n<li><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-43000\" rel=\"noopener\" target=\"_blank\">CVE-2023-43000<\/a><\/strong> (Originally fixed in iOS 16.6, released on July 24, 2023) &#8211; A use-after-free issue in WebKit that could lead to memory corruption when processing maliciously crafted web content.<\/li>\n<li><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-41974\" rel=\"noopener\" target=\"_blank\">CVE-2023-41974<\/a><\/strong> (Originally fixed in iOS 17, released on September 18, 2023) &#8211; A use-after-free issue in the kernel that could allow an app to execute arbitrary code with kernel privileges.<\/li>\n<li><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-23222\" rel=\"noopener\" target=\"_blank\">CVE-2024-23222<\/a><\/strong> (Originally fixed in iOS 17.3 released on January 22, 2024) &#8211; A type confusion issue in WebKit that could lead to arbitrary code execution when processing maliciously crafted web content.<\/li>\n<\/ul>\n<p>Details of Coruna emerged earlier this month after Google said the exploit kit features 23 exploits across five chains designed to target iPhone models running iOS versions between 13.0 and 17.2.1. iVerify, which is tracking the malware framework that uses the exploit kit under the name CryptoWaters, said it has similarities to previous frameworks developed by threat actors affiliated with the U.S. government<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/cyber-comm-guide-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEigDbfWwE4P_DsjfBRxgecgosqTRr8-2j328LrzdUBWrWmWeDUTI7OhXc-zXveYOjBc7GStGz5WnpXsJGaLCuoryIXbL7NxRyaWzIJGO1TBpd48NkYzNqTMj9zWMzgfvqh20RxsdMll45TFiMzXja0pAd7roFjMnzsRYBGHOWSLnyKN-oMKyCLoYcjmb5hm\/s728-e100\/ciso-d.jpg\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>The development comes amid reports that Coruna was likely designed by U.S. military contractor L3Harris and that it may have been passed to Russian exploit broker Operation Zero by Peter Williams, a former general manager at the company who was sentenced to more than seven years in prison for selling several exploits in exchange for money.<\/p>\n<p>An interesting aspect of Coruna is the use of two exploits (CVE-2023-32434 and CVE-2023-38606) that were weaponized as zero-days in a campaign dubbed Operation Triangulation targeting users in Russia in 2023. Kaspersky told The Hacker News that it&#8217;s possible for any sufficiently skilled team to come up with their own exploits, given that both the flaws have publicly available implementations.<\/p>\n<p>\u00abDespite our extensive research, we are unable to attribute Operation Triangulation to any known APT group or exploit development company,\u00bb Boris Larin, principal security researcher at Kaspersky GReAT, told The Hacker News in an email.<\/p>\n<p>\u00abTo be precise: neither Google nor iVerify in their published research claims that Coruna reuses Triangulation&#8217;s code. What they identify is that two exploits in Coruna \u2014 Photon and Gallium \u2014 target the same vulnerabilities. That&#8217;s an important distinction. In our opinion, attribution cannot be based solely on the fact of exploitation of these vulnerabilities.\u00bb<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Mar 12, 2026Vulnerability \/ Malware Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be&hellip;<\/p>\n","protected":false},"author":1,"featured_media":243,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[618,427,175,120,428,517,620,47,113,619,621],"class_list":["post-242","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-apple","tag-coruna","tag-devices","tag-exploit","tag-ios","tag-issues","tag-older","tag-security","tag-targeted","tag-updates","tag-webkit"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=242"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/242\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/243"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}