Apple Issues Emergency Fixes for Coruna Flaws in Older iOS Versions

The Coruna exploit kit, uncovered by Google’s Threat Intelligence Group, represents one of the most sophisticated iOS attack frameworks seen to date. By chaining 23 vulnerabilities across WebKit, sandbox, and kernel layers, it can bypass Apple’s Lockdown Mode and deliver ransomware‑grade payloads that harvest cryptocurrency wallets and banking credentials. While newer iOS releases have already incorporated mitigations, older devices—still prevalent in corporate BYOD programs—remain exposed, creating a lucrative niche for threat actors who trade or weaponize zero‑day exploits.

Apple’s emergency releases, iOS 15.8.7 and iPadOS 16.7.15, back‑port critical fixes originally bundled in iOS 17.3. The updates remediate CVE‑2023‑41974, CVE‑2024‑23222, CVE‑2023‑43000, and CVE‑2023‑43010, all of which underpin Coruna’s WebKit remote‑code execution and PAC bypass capabilities. By extending these patches to devices stuck on iOS 13‑15, Apple closes a glaring security gap that could otherwise be exploited in targeted espionage campaigns—such as those attributed to UNC6353 and UNC6691—or in broader financial theft operations.

For enterprises, the rollout underscores the importance of maintaining an up‑to‑date inventory and enforcing mandatory patch policies, even for legacy hardware. Organizations should prioritize deploying the new updates, verify patch compliance through mobile device management tools, and consider accelerated migration paths for devices that cannot support the latest OS. Doing so not only mitigates immediate exploitation risk but also strengthens overall resilience against the evolving zero‑day market that fuels sophisticated iOS threats.