Apple backported security fixes for CVE-2023-43010 — a WebKit memory corruption vulnerability used by the Coruna exploit kit — to older iOS, iPadOS, and macOS Sonoma devices that cannot run the latest operating system versions.
While the fix originally shipped in iOS 17.2 and iPadOS 17.2 (December 2023), Apple expanded coverage to older devices via iOS 15.8.7 and iPadOS 15.8.7 — supporting iPhone 6s, iPhone 7, iPhone SE (1st gen), iPad Air 2, iPad mini 4, and iPod touch 7th gen — as well as iOS 16.7.15 and iPadOS 16.7.15.
“This fix associated with the Coruna exploit kit was shipped in iOS 17.2 on December 11th, 2023,” Apple said. “This update brings that fix to devices that cannot update to the latest iOS version.” The rare backport underscores the severity of the Coruna exploit kit and Apple’s determination to protect users unable to upgrade their aging hardware.