Apple Just Patched a Government-Linked Exploit on Older iPhones. Here's Why You Should Update Now.

Apple recently released iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7. On the surface, it looks like a small update. However, it is an important one. This is because according to the changelog, Apple claims that this update patches the Coruna exploit that affects both iPhones and iPads.

Apple patches Coruna exploit in latest update

The company has recently pushed out a new update for iOS and iPadOS. However, we should note that this update is specifically for devices that are running on older iOS and iPadOS builds. This update will bump those devices up to iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7.

This should cover devices like the iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation), iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.

According to Apple’s changelog, “Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023. This update brings that fix to devices that cannot update to the latest iOS version.”

Basically, with this update, Apple patches the vulnerabilities that the Coruna exploit targets. So, if you happen to run an older iPhone or iPad, it might be a good idea to update to it as soon as possible.

What is the Coruna exploit?

In case you missed our earlier coverage, recent reports from Google Threat Intelligence and iVerify have unveiled an iOS exploit kit called Coruna. By taking advantage of this exploit, attackers are able to bypass Apple’s security measures. It is also not a single exploit because it turns out this is what is known as a “watering hole” attack. It takes advantage of multiple vulnerabilities. So, in the event one security hole is closed, the attackers can use another.

What makes this discovery worrying is that apparently this toolkit has been linked to the US government. State-sponsored hacks aren’t new, but the fact that the US government reportedly used them means they must be effective to a certain degree. Also, the fact that they were leaked and resold on the black market is equally concerning.

However, the good news was that this exploit only targets older devices. The security researchers found that it only targeted devices running iOS 13 up to iOS 17.2.1. This is why Apple’s recent release mostly targets older iPhones and iPads. If you’re running on iOS or iPadOS 26, then you should be good.