Full Report
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit. The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content. The iPhone maker said the issue was
Analysis Summary
# Vulnerability: Critical WebKit Memory Corruption Backported to Legacy Apple Devices
## CVE Details
- **CVE ID:** CVE-2023-43010 (Primary focus), CVE-2023-43000, CVE-2023-41974, CVE-2024-23222
- **CVSS Score:** N/A (Article does not specify, but typically High/Critical for WebKit remote code execution)
- **CWE:** Unspecified Memory Corruption; Use-After-Free; Type Confusion
## Affected Systems
- **Products:** iPhone, iPad, Mac (Intel/Apple Silicon), and Apple Watch.
- **Versions:**
- Devices running versions prior to iOS/iPadOS 15.8.7 or 16.7.15.
- macOS Sonoma versions prior to 14.2.
- **Configurations:** Systems processing maliciously crafted web content (browser-based or app-based web views).
## Vulnerability Description
CVE-2023-43010 is a memory corruption flaw within the WebKit engine. The vulnerability is triggered during the processing of specially crafted web content. Specifically, the flaw stems from insufficient input validation or "improper handling" during memory allocation or processing, allowing an attacker to corrupt memory. In the context of the "Coruna" exploit kit, this flaw is chained with other vulnerabilities (such as kernel use-after-free or type confusion) to achieve full device compromise.
## Exploitation
- **Status:** **Exploited in the wild** (Part of the "Coruna/CryptoWaters" exploit kit).
- **Complexity:** Medium (Requires exploit chaining).
- **Attack Vector:** Network (Remote via malicious website/web content).
## Impact
- **Confidentiality:** High (Potential for full data access via kernel escalation).
- **Integrity:** High (Arbitrary code execution with kernel privileges).
- **Availability:** High (System instability or take-over).
## Remediation
### Patches
Apple has backported fixes to the following legacy versions:
- **iOS 15.8.7 and iPadOS 15.8.7:** For iPhone 6s/7, SE (1st gen), iPad Air 2, iPad mini (4th gen), and iPod touch (7th gen).
- **iOS 16.7.15 and iPadOS 16.7.15:** For iPhone 8/X, iPad (5th gen), and iPad Pro (1st gen).
- **Previously Patched:** Fixed in iOS/iPadOS 17.2, macOS Sonoma 14.2, and Safari 17.2.
### Workarounds
- No specific software workaround provided. Users are advised to avoid clicking untrusted links until the system is patched.
## Detection
- **Indicators of Compromise:** Unusual device reboots, battery drain, or unexpected network traffic to known exploit delivery domains.
- **Detection methods and tools:** Mobile security auditing tools (e.g., iVerify) are tracking this as part of the "CryptoWaters" framework.
## References
- Apple Support (iOS 15.8.7): [https://support.apple.com/en-us/126632]
- Apple Support (iOS 16.7.15): [https://support.apple.com/en-us/126646]
- NVD Detail (CVE-2023-43010): [https://nvd.nist.gov/vuln/detail/CVE-2023-43010]
- Security Research: [https://thehackernews.com/2026/03/coruna-ios-exploit-kit-uses-23-exploits.html]