Apple has backported fixes for a WebKit memory corruption flaw tracked as CVE-2023-43010 to older iOS, iPadOS and macOS Sonoma versions after it was observed being used in the Coruna exploit kit, according to The Hacker News. The vulnerability was addressed with improved handling, and Apple noted that “this fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023.” The backport brings that patch to devices that cannot update to the latest iOS version.
Fixes for CVE-2023-43010 were originally released in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2 and Safari 17.2, but the latest round extends to older builds such as iOS 15.8.7 and iPadOS 15.8.7 for devices including iPhone 6s, iPhone 7, iPhone SE (1st gen), iPad Air 2, iPad mini (4th gen) and iPod touch (7th gen), and iOS 16.7.15 and iPadOS 16.7.15 for several iPhone and iPad models.
iOS 15.8.7 and iPadOS 15.8.7 also patch three related vulnerabilities: CVE-2023-43000, CVE-2023-41974 and CVE-2024-23222. Google and others have linked Coruna’s emergence to exploits across five chains targeting iOS 13 through 17.2.1. A potential connection to various actors has been discussed, though the article notes that attribution is not definitive, per Boris Larin of Kaspersky GReAT.