Full Report
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]
Analysis Summary
# Vulnerability: Multiple Flaws backported for "Coruna" Exploit Kit
## CVE Details
- **CVE ID:** CVE-2023-41974, CVE-2024-23222, CVE-2023-43000, CVE-2023-43010
- **CVSS Score:** N/A (Note: High severity based on CISA KEV inclusion and Kernel/RCE impact)
- **CWE:**
- CWE-416 (Use-After-Free): CVE-2023-41974, CVE-2023-43000
- CWE-843 (Type Confusion): CVE-2024-23222
- CWE-119 (Memory Corruption/Handling): CVE-2023-43010
## Affected Systems
- **Products:** iPhone (6s, 7, SE 1st gen, 8, 8 Plus, X), iPad (Air 2, mini 4th gen, 5th gen, Pro 9.7-inch, Pro 12.9-inch 1st gen), and iPod touch (7th gen).
- **Versions:** Systems running versions prior to iOS/iPadOS 15.8.7 or 16.7.15.
- **Configurations:** Older hardware that cannot support the most recent major iOS releases (e.g., iOS 17/18).
## Vulnerability Description
This group of vulnerabilities facilitates various exploit chains used by the "Coruna" exploit kit:
- **Kernel Flaw (CVE-2023-41974):** A use-after-free vulnerability that allows an attacker to escalate privileges to the Kernel level.
- **WebKit Flaws (CVE-2024-23222, CVE-2023-43000, CVE-2023-43010):** Type confusion and use-after-free issues in the browser engine. These are typically used to achieve remote code execution (RCE) when a user visits a malicious or compromised webpage.
## Exploitation
- **Status:** Exploited in the wild (Zero-day targeted by cyberespionage and crypto-theft groups).
- **Complexity:** Medium (Requires exploit chain delivery).
- **Attack Vector:** Network (Web-based via malicious sites).
## Impact
- **Confidentiality:** High (Total access to device data via Kernel privileges).
- **Integrity:** High (Ability to execute arbitrary code and modify system state).
- **Availability:** High (Potential for system crashes or persistent malware installation).
## Remediation
### Patches
Update to the latest available backported security versions:
- **iOS 15.8.7**
- **iOS 16.7.15**
- **iPadOS 15.8.7**
- **iPadOS 16.7.15**
### Workarounds
- No specific software workarounds provided. Users should avoid visiting untrusted websites (particularly gambling or crypto-related) until patches are applied.
## Detection
- **Indicators of Compromise:** High-resource usage, unauthorized cryptocurrency wallet transactions, or unusual outbound network traffic to known malicious domains.
- **Detection Methods and Tools:** Monitor for signs of the Coruna exploit kit, which has been linked to suspect Russian state-backed group UNC6353 and Chinese financially motivated group UNC6691.
## References
- Apple Security Advisory (iOS 15.8.7): [https]://support.apple[.]com/en-us/126632
- Apple Security Advisory (iOS 16.7.15): [https]://support.apple[.]com/en-us/126646
- CISA Known Exploited Vulnerabilities Catalog: [https]://www.cisa[.]gov/known-exploited-vulnerabilities-catalog
- Google Threat Intelligence Group (GTIG) Research: [https]://www.bleepingcomputer[.]com/news/security/cisa-warns-of-apple-flaws-exploited-in-spyware-crypto-theft-attacks/