Apple Issues Emergency Fixes for Coruna Flaws in Older iOS Versions

In a recent move to address a critical security vulnerability, Apple has released emergency fixes for the Coruna exploits in older iOS versions. The patches, which include iOS 16.7.15 and 15.8.7, are meant to protect older iPhone and iPad models that no longer receive the latest major OS versions against the highly capable Coruna exploit kit.

The Coruna exploit kit, also known as CryptoWaters, was identified by Google's Threat Intelligence Group in early March as a powerful new iOS exploit kit that targets Apple iPhones running iOS versions 13.0 through 17.2.1. The kit includes five full exploit chains and a total of 23 exploits, making it a highly sought-after tool for threat actors. While the Coruna exploit kit is effective against older iOS versions, it is ineffective against the latest iOS release, according to Google.

The Coruna exploit kit relies on a highly engineered framework that links all components through shared utilities and custom loaders. It avoids devices in Lockdown Mode or private browsing, derives resource URLs from a hard-coded cookie, and delivers WebKit RCE and PAC bypasses in clear form. After exploitation, a binary loader deploys encrypted, compressed payloads disguised as .min.js files, tailored to specific chips and iOS versions. The exploits come with advanced mitigation bypasses and reusable modules for defeating memory and kernel protections.

At the end of the chain, a stager called PlasmaLoader injects into a root daemon and deploys a financially focused payload. The malware scans for crypto wallets, backup phrases, and banking data, exfiltrating sensitive information and loading additional modules from command-and-control servers. It targets numerous cryptocurrency apps, uses encrypted communications, and falls back on a custom domain generation algorithm seeded with “lazarus” to maintain persistence.

In response to the growing threat of the Coruna exploit kit, Apple has released security updates for legacy devices that no longer receive the latest major OS versions. The fixes include:

* iOS 16.7.15: Patches the WebKit vulnerability CVE-2023-43010.
* iOS 15.8.7: Fixes vulnerabilities previously fixed in newer versions of iOS and iPadOS, including CVE-2023-41974, CVE-2024-23222, CVE-2023-43000, and CVE-2023-43010.
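
The version figures above can be turned into a quick fleet check. The following Python is an added example, not code from Apple, Google or the original article; the status labels, function names and inventory rows are constructed for illustration, and the thresholds are only the ones quoted in this article.

```python
# Added example: triage iOS/iPadOS versions against the figures quoted in this article.
# Thresholds come only from the article; status labels and sample rows are constructed.
KIT_MIN = (13, 0, 0)   # lowest version the article says the kit targets
KIT_MAX = (17, 2, 1)   # highest version the article says the kit targets
FIXED = {15: (15, 8, 7), 16: (16, 7, 15)}   # fixed releases named in the article


def parse_version(text):
    """Turn '16.7.2' into (16, 7, 2), padding short forms such as '18.3' to (18, 3, 0)."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable OS version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def triage(version_text):
    """Classify one OS version string using only the article's numbers."""
    v = parse_version(version_text)
    if v < KIT_MIN or v > KIT_MAX:
        return "outside-stated-range"     # not a statement that the device is safe
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "in-range-no-fix-named"    # 13.x, 14.x, 17.0 to 17.2.1: needs a newer release
    if v >= fixed:
        return "has-named-fix"
    return "update-to-" + ".".join(str(n) for n in fixed)


def triage_inventory(rows):
    """rows: iterable of (device_name, os_version). Returns {status: [device names]}."""
    report = {}
    for name, version in rows:
        try:
            status = triage(version)
        except ValueError:
            status = "unparseable"        # surface bad inventory data instead of hiding it
        report.setdefault(status, []).append(name)
    return report


# Constructed sample, shaped like an MDM inventory export.
SAMPLE = [("ipad-lobby", "15.8.3"), ("iphone-8-qa", "16.7.15"),
          ("iphone-x-test", "16.7.10"), ("iphone-15-exec", "17.2.1"),
          ("iphone-se-spare", "14.8.1"), ("iphone-16-new", "18.3"),
          ("kiosk-03", "unknown")]

if __name__ == "__main__":
    for status, names in sorted(triage_inventory(SAMPLE).items()):
        print(f"{status:24} {', '.join(names)}")
```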

These updates bring the fixes associated with the Coruna exploit to devices that cannot update to the latest iOS version. This move is a significant step in addressing the growing threat of the Coruna exploit kit and protecting users from the malicious activities of threat actors.

As the threat landscape continues to evolve, it is essential for users to stay vigilant and keep their devices and software up to date. By installing the latest security patches and updates, users can significantly reduce the risk of falling victim to the Coruna exploit kit and other malicious attacks.

In conclusion, the release of emergency fixes for the Coruna flaws in older iOS versions is a critical step in protecting users from the highly capable Coruna exploit kit. By staying informed and taking proactive measures to secure their devices, users can minimize the risk of falling victim to the Coruna exploit kit and other malicious attacks.