If you have an older Apple device that doesn’t support the most current operating system, you may not receive every security update pushed to the latest iOS—or at least not at the same time. Apple has just released a patch for older devices that addresses a handful of bugs that have already been addressed in updates to newer models. Many of these have been exploited in zero-day attacks, so if you have one of the affected devices, you should ensure these updates are installed as soon as possible.
Zero-day exploits fixed with the update to older iPhones and iPads
As BleepingComputer reports, the March 11 security update addresses vulnerabilities used in cyber-espionage and crypto-theft attacks. The bugs are part of the Coruna exploit kit, a spyware and surveillance package with 23 total exploits that targeted iOS releases from 13.0 to 17.2.1. Google Threat Intelligence Group researchers have observed its deployment by state-backed Russian hackers, surveillance vendors, and a Chinese threat actor.
The vulnerabilities Apple is patching would allow attackers to escalate permissions to Kernel privileges or gain remote code execution capabilities on affected devices. The bugs include CVE-2023-43010, CVE-2024-23222, CVE-2023-43000, and CVE-2023-43010, all of which affect WebKit, and CVE-2023-41974, a Kernel vulnerability.
The update applies to older models running iOS 15.8.7/16.7.15 and iPadOS 15.8.7/16.7.15:
What do you think so far?
-
iPhone 6s
-
iPhone 7
-
iPhone SE (1st generation)
-
iPhone 8
-
iPhone 8 Plus
-
iPhone X
-
iPad Air 2
-
iPad Mini (4th generation)
-
iPod Touch (7th generation)
-
iPad (5th generation)
-
iPad Pro 9.7-inch
-
iPad Pro 12.9-inch (1st generation)
Apple patched another zero-day in February of this year for iOS 26, iPadOS 26, and macOS Tahoe that it says may have been exploited in “extremely sophisticated attack against specific targeted individuals.”