Apple Issues Critical Security Update for Older iPhones and iPads

Apple has issued a critical security update for a range of older iPhone and iPad models, addressing a series of vulnerabilities actively exploited by cybercriminals. These patches are vital for devices that cannot upgrade to the latest iOS versions, protecting them from sophisticated attack chains used for espionage and financial theft. The update specifically counters threats from the Coruna exploit kit, a tool leveraged by multiple advanced threat groups.

This security release backports fixes for several serious flaws, some of which were previously resolved in newer iOS versions. Apple confirmed the update brings essential protections to legacy hardware, stating it addresses iOS security issues targeted by multiple exploit chains. These chains are often used in zero-day attacks designed to escalate an attacker’s permissions to kernel-level access or achieve remote code execution on compromised devices.

The vulnerabilities corrected include several critical WebKit and kernel flaws. Key among them are CVE-2023-41974, a kernel use-after-free issue, and CVE-2024-23222, a WebKit type confusion flaw. Also patched are CVE-2023-43000 and CVE-2023-43010, both WebKit use-after-free vulnerabilities addressed with improved memory management. The scope of impacted devices is broad, covering models running iOS 15.8.7 and 16.7.15.

Affected hardware includes the iPhone 6s, iPhone 7, first-generation iPhone SE, iPhone 8, iPhone 8 Plus, and iPhone X. On the tablet side, the update applies to the iPad Air 2, iPad mini (4th generation), iPod touch (7th generation), iPad 5th generation, and the first-generation 9.7-inch and 12.9-inch iPad Pro models. Owners of these devices should install the update immediately.

Research from Google’s Threat Intelligence Group indicates the Coruna exploit kit has been in use since February 2025 by a diverse set of malicious actors. These include a suspected Russian state-backed hacking group known as UNC6353, a customer of a surveillance vendor, and a financially motivated Chinese threat actor tracked as UNC6691. This latter group was observed deploying the kit through fake gambling and cryptocurrency websites to deliver malware that steals digital wallets from victims’ devices.

In response to the active threats, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several of the flaws targeted by Coruna to its Known Exploited Vulnerabilities catalog. This includes the CVE-2023-43010 WebKit flaw backported by Apple. CISA has mandated that all Federal Civilian Executive Branch agencies patch their vulnerable iOS systems by March 26, 2025, in accordance with Binding Operational Directive 22-01.

The agency emphasized the serious risk, noting that such vulnerabilities are common vectors for malicious cyber activity and pose significant danger to federal systems. CISA’s guidance instructs organizations to apply vendor-provided mitigations or discontinue use of the product if fixes are unavailable. This directive underscores the high-stakes nature of these security flaws.

Separately, earlier this year Apple resolved another zero-day vulnerability, tracked as CVE-2026-20700, which was exploited in what the company described as an “extremely sophisticated attack” against specific individuals. This flaw allowed threat actors to execute arbitrary code on infected devices. Apple credited Google’s Threat Analysis Group with reporting the issue, though specific details regarding its exploitation were not disclosed.

(Source: Bleeping Computer)