Coruna flaw fixes issued for older iPhone, iPad models

Security Affairs reports Apple has rolled out iPadOS 15.8.7 and iOS 16.7.15 to patch vulnerabilities linked to the Coruna exploits and protect older iPad and iPhone devices that can no longer update to the latest iOS versions.

The Coruna exploit kit, also called CryptoWaters, targets iOS 13.0 through 17.2.1 and includes 23 separate exploits and five exploit chains, affecting Web content, WebKit, and system protections like PAC and PPL. It uses a custom JavaScript framework and loaders to deliver tailored exploits. Its final payload PlasmaLoader targets banking data, cryptocurrency wallets, and other sensitive information, using encrypted communications and a custom domain generation algorithm seeded with "lazarus."

Google's Threat Intelligence Group, which discovered the vulnerability, observed Coruna in targeted surveillance campaigns, Ukrainian watering hole attacks by UNC6353, and broader attacks by Chinese financial threat actor UNC6691.

"This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024," according to Apple's advisory.