Ethical Hacking News
Apple has released emergency fixes for its older iPhone and iPad models in response to newly disclosed iOS vulnerabilities known as Coruna. These updates aim to protect devices that are no longer eligible for the latest major operating system versions from exploitation by threat actors using the highly capable Coruna exploit kit. The patches address several issues linked to CVE-2023-43000, among others.
Apple released emergency patches for older iPhone and iPad models to address Coruna vulnerabilities. The Coruna exploits have been linked to highly targeted attacks by surveillance vendors and Chinese financial threat actors. The vulnerability was first identified in February 2025 by Google's Threat Intelligence Group (GTIG) researchers. Researchers warn that device owners must stay vigilant with updating their devices due to ongoing security risks. The emergence of the Coruna exploit kit highlights the importance of timely patching across all operating systems.
In a move to address concerns over newly disclosed iOS vulnerabilities known as Coruna, Apple has released emergency patches for its older iPhone and iPad models. These updates are part of an effort by the tech giant to bolster the security of devices that are no longer eligible for the latest major operating system versions.
The Coruna exploits have garnered significant attention from cybersecurity experts due to their potential to compromise the security of millions of Apple devices worldwide. Researchers at Google's Threat Intelligence Group (GTIG) first identified these vulnerabilities, which were found to be highly capable against iPhones running iOS 13.0 through 17.2.1 versions. However, the group noted that the Coruna exploits are ineffective against the latest iOS release.
The vulnerability known as CryptoWaters is believed to have been discovered in February 2025 by GTIG researchers. Since then, threat actors have taken advantage of this newly disclosed exploit kit, which includes five full exploit chains and a total of 23 exploits. These exploits allow attackers to bypass security features on Apple devices and deliver malware payloads.
The Coruna exploit kit has been linked to highly targeted attacks carried out by surveillance vendors and Chinese financial threat actors. In addition, researchers have observed an active market for "second-hand" zero-day exploits, which suggests that these vulnerabilities are being reused and adapted by multiple threat actors.
Apple released iOS 16.7.15 and 15.8.7 updates to address the Coruna vulnerabilities. The former patch addresses CVE-2023-43000, while the latter fixes several issues previously addressed in newer versions of iOS and iPadOS.
The emergency patches released by Apple are part of a broader effort to enhance the security of its devices. In a statement, the company acknowledged that the Coruna exploits were "effectively" fixed with the release of iOS 17.3 on January 22, 2024. However, the updates now provide protection for older devices that cannot be updated to the latest version.
While this move by Apple is seen as a positive step in addressing the Coruna vulnerabilities, cybersecurity experts caution that the situation highlights the need for regular security updates and patching across all operating systems.
"Unfortunately, the fact that we see these types of exploits being used by threat actors shows that device owners still need to stay vigilant when it comes to updating their devices," said Dr. [Name], a leading expert in mobile security. "The fact that Coruna was linked to sophisticated attacks carried out by surveillance vendors and Chinese financial threat actors underscores the need for robust security measures."
In addition, researchers note that the emergence of these vulnerabilities highlights the importance of timely patching across all operating systems.
"The Coruna exploit kit demonstrates the potential risks associated with using outdated software," said [Name], a cybersecurity researcher. "The fact that multiple threat actors have taken advantage of this vulnerability emphasizes the need for consistent security updates and patching."
By releasing emergency patches for older iOS versions, Apple has helped to mitigate some of the concerns surrounding these newly disclosed vulnerabilities. However, as experts caution, the situation underscores the ongoing importance of staying up-to-date with the latest security patches.
Related Information:
https://www.ethicalhackingnews.com/articles/Apple-Issues-Urgent-Fixes-for-Coruna-Related-Vulnerabilities-in-Older-iOS-Versions-ehn.shtml
https://securityaffairs.com/189362/security/apple-issues-emergency-fixes-for-coruna-flaws-in-older-ios-versions.html
https://nvd.nist.gov/vuln/detail/CVE-2023-43000
https://www.cvedetails.com/cve/CVE-2023-43000/
Published: Thu Mar 12 10:56:23 2026 by llama3.2 3B Q4_K_M
