Exploit kit danger: Apple updates older iOS and iPadOS versions
Apple released important updates for users of iOS and iPadOS 15 and 16 overnight on Thursday. They should be installed quickly.
iOS 15: Users still using the 2021 operating system are in danger – as are users of iOS 16.
After Google's Threat Intelligence Group (GTIG) and the security company iVerify discovered a highly complex new exploit kit for iOS and iPadOS, reportedly used by both state agencies and criminals, Apple has responded: The iPhone manufacturer has released iOS 15.8.7 and iPadOS 15.8.7 as well as iOS 16.7.15 and iPadOS 16.7.15 for download.
Acute danger for older devices
While the new iOS and iPadOS 15 version patches a total of four vulnerabilities – one in the kernel and three in the WebKit browser engine – the new iOS and iPadOS 16 version fixes only one WebKit security issue. However, each of the flaws is apparently sufficient to take complete control of a device. They are part of complex exploit chains embedded in the malware called Coruna. Users should update their iPhones and iPads immediately if they are still using these older operating system versions.
Coruna is also dangerous because it is adapted to numerous iOS and iPadOS versions, from iOS 13 up to iOS 17.2.1. The exploit kit selects the appropriate attack variants and then executes them. Furthermore, websites from which devices could become infected were apparently still online until a few days ago. Coruna allows so-called 1-click exploits, meaning it is enough to visit a link in the Safari browser on an iPhone or iPad to become infected. Newer iPhones and iPads with iOS and iPadOS 26 are not affected, according to current knowledge.
Connections to Russia and China
According to GTIG, Coruna has been used, among others, by individuals with Russian espionage connections to attack users in Ukraine. Later, however, the exploit kit was also used by a “financially motivated threat actor operating from China.” This apparently involved crypto scams, as the links spread through such sites, including a fake variant of the crypto exchange WEEX. The specific damage caused by Coruna is still unclear, as is who the manufacturer of the malware is. It is unlikely to be cheap given the numerous exploits used.
The incident shows that users with older iPhones and iPads are still being attacked. Apple only updates these sporadically and only when prominent cases like the current one with Coruna occur. This means that other vulnerabilities under iOS 15 and 16 remain open. The best security is always achieved by installing the latest operating system version. This can be inconvenient for users who, for example, do not want to immediately adopt major changes like Liquid Glass. Apple already omits some patches in the respective previous version; the selection criteria remain unclear.
(bsc)