Apple has released new security updates for older iPhones and iPads. Versions iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7 contain important security fixes. According to Apple, the updates address vulnerabilities associated with the so-called Coruna exploit.
The exploit was recently published by Google and iVerify. Apple has since confirmed that the new updates close several kernel and WebKit vulnerabilities that are part of this attack chain. The updates are particularly relevant for devices that can no longer be updated to the latest iOS versions.
Security vulnerabilities in mobile operating systems often only become truly dangerous through complex attack chains. The Coruna exploit uses precisely this method. Multiple vulnerabilities are combined to gain access to a device.
After Google and iVerify published details about Coruna, Apple reacted relatively quickly and provided updates for older devices. Shortly afterward, the company also released the technical details of the resolved security issues.
Coruna exploit utilizes multiple vulnerabilities
The Coruna exploit combines several security vulnerabilities in the system. In total, it exploits:
- five complete iOS exploit chains
- 23 individual security vulnerabilities
This means that devices running iOS versions from iOS 13 to iOS 17.2.1 can be attacked. The operating system kernel and WebKit, the rendering engine for web content, are particularly vulnerable.
Apple releases security updates
Apple released several updates to close the vulnerabilities:
- iOS 16.7.15
- iOS 15.8.7
- iPadOS 16.7.15
- iPadOS 15.8.7
Apple initially stated only that the updates contained important security fixes. Later, the company confirmed that the fixes were specifically related to the Coruna exploit and addressed kernel and WebKit issues.
Security features of iOS 15.8.7 and iPadOS 15.8.7
The updates are available for the following devices:
- iPhone 6s
- iPhone 7
- iPhone SE (1st generation)
- iPad Air 2
- iPad mini (4th generation)
- iPod touch (7th generation)
Kernel vulnerability
An app may have been able to execute arbitrary code with kernel privileges. This was caused by a use-after-free bug in memory management.
Apple fixed the problem through improved memory management.
- CVE-2023-41974
- discovered by Félix Poulin-Bélanger
The fix was originally introduced in iOS 17 on September 18, 2023, and is now being rolled out to older devices.
WebKit security vulnerabilities
Several vulnerabilities affect WebKit, the engine for web content.
A vulnerability (CVE-2024-23222) could allow compromised websites to execute arbitrary code. This was caused by a type mismatch issue, which was fixed through improved security checks. The fix was first released with iOS 17.3 on January 22, 2024.
Additional vulnerabilities (CVE-2023-43000 and CVE-2023-43010) could lead to memory corruption through manipulated web content. Both issues were addressed through improved memory management. The fixes were originally released in iOS 16.6 (July 24, 2023) and iOS 17.2 (December 11, 2023).
Security features of iOS 16.7.15 and iPadOS 16.7.15
These updates are aimed at, among others:
- iPhone 8
- iPhone 8 Plus
- iPhone X
- iPad (5th generation)
- iPad Pro 9.7 inch
- iPad Pro 12.9-inch (1st generation)
The WebKit vulnerability CVE-2023-43010 was also fixed here. This vulnerability, which could lead to memory problems through manipulated web content, was corrected through improved memory management.
Apple releases important security updates for older iPhones and iPads
With the updates iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, Apple closes several security vulnerabilities exploited in the Coruna vulnerability. Older devices, in particular, benefit from these updates, as they no longer receive newer iOS versions.
The updates transfer important security fixes from newer system versions to older devices, thus reducing the risk of potential attacks. It therefore remains crucial for affected devices to install available updates and keep the system up to date. (Image: Shutterstock / KanawatTH)
- Apple releases repair manuals for iPhone 17e & Co.
- Apple releases updates for older iPhones & iPads
- Apple Studio Displays get twice the memory
- Apple & Samsung will dominate the smartphone market in 2025
- MacBook Neo charges faster with a more powerful power adapter
- WhatsApp expands its platform to include accounts for children
- Apple Arcade: New games & updates in April 2026
- Apple – seven new products available from today
- MacBook Neo: ASUS manager calls Apple's laptop a shock
- Apple is relying on EMG and AI for new gesture control
- MacBook Neo loses to iPhone 17e in benchmark test
- MacBook Neo: How many charging cycles can the battery handle?
- Apple is working on an Apple Pencil with realistic haptics
- OpenAI brings multi-account support to ChatGPT Atlas
- MacBook Neo: Why the SSD is significantly slower
- Silo Season 3 is scheduled to premiere on Apple TV this summer
- Studio Display XDR: Apple plans update for full calibration
- M5 MacBook Air Reviews: More performance than expected
- visionOS 26.4: How to get X-Plane 12 on Apple Vision Pro
- MacBook Neo Reviews: High praise despite clear limitations
- Apple has the advantage: Laptop prices could rise sharply
- Apple now produces one in four iPhones in India
