Apple has issued security updates for older versions of its iOS, iPadOS, and macOS operating systems to patch a vulnerability actively exploited by attackers. The company backported the fixes on Wednesday after the flaw was identified as part of the Coruna exploit kit. This action extends critical protection to devices that may no longer receive the latest major software updates.
The vulnerability, cataloged as CVE-2023-43010, resides in the WebKit browser engine. Apple’s advisory states that processing maliciously crafted web content could lead to memory corruption. Successful exploitation of such a flaw can allow an attacker to execute arbitrary code on the target device, potentially compromising user data and device security.
Scope of the Updates and Affected Devices
The security patches have been released for iOS 15.7.9 and iPadOS 15.7.9, as well as for macOS Monterey and macOS Ventura. This move is described as a backport, where a fix developed for a current operating system, in this case iOS 17 and macOS Sonoma, is applied to older, still-supported versions. It specifically protects users who have not upgraded to the very latest major OS releases but are on recent previous versions.
Devices capable of running iOS 16 or later received the fix in earlier updates. The current release ensures that older iPhones and iPads, including models like the iPhone 6s and iPhone 7, which are capped at iOS 15, receive this critical protection. The Coruna exploit kit’s use of this vulnerability raised the threat level, prompting Apple’s broader defensive action.
Understanding the Coruna Exploit Kit
The Coruna exploit kit is a known cybercrime tool designed to identify and leverage security holes in software to deliver malware. Exploit kits typically operate through compromised or malicious websites; when a user visits such a site, the kit silently probes their browser and system for unpatched vulnerabilities. If a match is found, like CVE-2023-43010, it can deploy its payload without any user interaction beyond visiting the site.
This method of “drive-by” exploitation makes such kits a persistent threat. Apple’s swift backporting of the WebKit fix disrupts the kit’s ability to target users on these older, but still widely used, operating system versions. Security researchers emphasize that keeping all software updated is the most effective defense against exploit kits.
User Guidance and Installation
Apple has not reported any active exploitation of this vulnerability in versions newer than those listed in the latest advisories. Users with affected devices should install the available updates immediately. The updates can be found by navigating to Settings > General > Software Update on iOS and iPadOS devices, or System Settings > General > Software Update on compatible Mac computers.
For devices that are too old to support these updates, the risk remains. Security experts consistently advise that using outdated, unsupported software carries inherent security risks, as patches for newly discovered flaws are not provided. Users in this situation should consider upgrading their hardware if security is a primary concern.
Broader Implications for Software Support
This incident highlights the evolving challenge of software support in the technology ecosystem. While Apple provides longer support cycles for its devices than many competitors, the discovery of flaws being used in active attack campaigns against older OS versions creates pressure to extend security coverage. Backporting fixes is a resource-intensive but vital process to protect the broader user base.
The practice also underscores the importance of the security research community and threat intelligence sharing. The identification of the Coruna kit using this specific vulnerability directly informed Apple’s decision to release these supplemental updates, demonstrating how public disclosure can lead to coordinated defensive actions.
Looking ahead, users can expect Apple and other major software vendors to continue monitoring active threats for older systems. While not guaranteed, the backporting of critical fixes, especially for vulnerabilities under active attack, has become a more common industry practice. The timeline for such updates typically depends on the severity of the threat and the complexity of adapting the fix for older code bases. Security analysts recommend that all users enable automatic updates to ensure they receive these vital patches as soon as they are released.
Source: Apple security Updates, Threat Intelligence Reports
