"This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023. This update brings that fix to devices that cannot update to the latest iOS version."
"The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content. The iPhone maker said the issue was addressed with improved handling."
"iOS 15.8.7 and iPadOS 15.8.7 incorporate patches for three more vulnerabilities associated with the Coruna exploit including a use-after-free issue in WebKit, a use-after-free issue in the kernel, and a type confusion issue in WebKit."
Apple released backported security patches for a WebKit vulnerability (CVE-2023-43010) and three related Coruna exploit vulnerabilities to older device versions. The primary vulnerability involves memory corruption from maliciously crafted web content, originally fixed in iOS 17.2. The backport extends protection to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15, covering older iPhone and iPad models. Additional vulnerabilities addressed include use-after-free issues in WebKit and the kernel, plus a type confusion issue in WebKit. These patches target devices unable to upgrade to current software versions while remaining vulnerable to the Coruna exploit kit.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]