CP
cyberpings
VulnerabilitiesHIGH

Critical Coruna Flaw Fixed for Older iPhones and iPads

SCSC Media
iOS 16.7.15iPadOS 15.8.7Coruna exploitCryptoWatersUNC6353
🎯

Basically, Apple fixed a serious security flaw in older iPhones and iPads to protect users from hackers.

Quick Summary

Apple has issued critical updates for older iPhones and iPads to fix the Coruna flaw. This vulnerability could expose sensitive data, making it essential for users to update their devices. Protect yourself by ensuring your device is up to date.

The Flaw

Apple has recently addressed a critical vulnerability known as the Coruna exploit. This flaw affects older models of iPhones and iPads that cannot update to the latest iOS versions. The exploit, also referred to as CryptoWaters, targets devices running iOS versions from 13.0 to 17.2.1. It includes 23 separate exploits and five exploit chains that compromise various system protections, including WebKit? and security features like PAC and PPL?.

The Coruna exploit? utilizes a custom JavaScript framework to deliver tailored attacks. Its final payload, dubbed PlasmaLoader, is particularly concerning as it aims to steal sensitive information such as banking data and cryptocurrency wallet details. This exploit communicates using encrypted channels, making it harder to detect, and employs a custom domain generation algorithm? seeded with the term "lazarus."

What's at Risk

The vulnerabilities associated with the Coruna exploit? pose a significant risk to users of older iPhone and iPad models. Those who have not updated their devices to the latest iOS versions are particularly vulnerable. The exploit has been linked to targeted surveillance campaigns and broader attacks orchestrated by various threat actors, including UNC6353, known for conducting Ukrainian watering hole attacks, and UNC6691, a Chinese financial threat group.

With the potential to compromise sensitive financial information, users must take these vulnerabilities seriously. The implications extend beyond individual users, as these exploits could also affect businesses relying on older Apple devices for operations.

Patch Status

In response to these vulnerabilities, Apple has released iPadOS 15.8.7 and iOS 16.7.15. These updates are designed to patch the Coruna exploit?s and provide much-needed protection for older devices. Notably, the fix for these vulnerabilities was initially included in iOS 17.3, released on January 22, 2024. Users are strongly encouraged to install these updates to safeguard their devices against potential attacks.

However, some users may find themselves unable to update their devices due to hardware limitations. For these users, the risk remains high, highlighting the importance of considering device upgrades or additional security measures.

Immediate Actions

To protect yourself from the Coruna exploit?, follow these steps:

  • Update your device: If your device supports the latest iOS or iPadOS versions, make sure to install the updates immediately.
  • Monitor sensitive accounts: Keep an eye on your banking and cryptocurrency accounts for any unauthorized transactions.
  • Consider device upgrades: If you own an older model that cannot be updated, think about upgrading to a newer device that can receive security updates.

By taking these proactive measures, you can help ensure your personal and financial information remains secure from the threats posed by the Coruna exploit?.

💡 Tap dotted terms for explanations

🔒 Pro insight: The Coruna exploit's complex attack vectors highlight the need for continuous vigilance in patch management for legacy systems.

Original article from

SC Media

Read Full Article

Share

Related Pings

HIGHVulnerabilities

Windows 11 Bug Locks Users Out of System Drive C

A critical bug in Windows 11 is locking users out of their system drives. Affected Samsung devices are unable to access essential applications. Microsoft is investigating the issue and advises users to wait for a patch.

Cyber Security News·
HIGHVulnerabilities

Cisco Catalyst SD-WAN Vulnerability Under Active Exploitation

CISA warns of a critical vulnerability in Cisco Catalyst SD-WAN systems. Federal agencies must act quickly to secure their networks. This flaw poses serious risks to sensitive data and operations.

SC Media·
MEDIUMVulnerabilities

Windows Autopatch to Default to Hotpatch Security Updates

Microsoft will soon enable hotpatch security updates by default for Windows Autopatch users. This change affects devices running Windows 11 version 24H2 or later. It aims to speed up security updates without requiring reboots, enhancing user experience and security.

SC Media·
HIGHVulnerabilities

Google Chrome Flaws Added to CISA's Exploited Vulnerabilities List

CISA has added two high-severity Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. Millions of users are at risk, as these flaws have already been exploited in the wild. Immediate updates and awareness are crucial to protect against potential attacks.

Security Affairs·
HIGHVulnerabilities

Old Industrial Controllers Spark Bidding War on eBay

A bidding war on eBay for 30-year-old industrial controllers raises cybersecurity concerns. These outdated systems pose risks to critical infrastructure. Immediate action is needed to secure them.

Dark Reading·
HIGHVulnerabilities

Windows 11 Users Locked Out of C: Drive on Samsung PCs

Microsoft is investigating a major issue affecting Windows 11 users on Samsung laptops. Many are locked out of their C: drive, disrupting access to files and applications. This issue could impact productivity significantly, and users are advised to wait for an official fix.

BleepingComputer·