Critical Security Update Released for Legacy Apple Devices to Address Dangerous Exploits

Apple has issued an urgent security patch for legacy devices that cannot run the latest operating systems, targeting several critical vulnerabilities that cybercriminals have actively exploited. Users of these older models should install the update immediately to protect against sophisticated attacks that have already compromised devices worldwide.

Critical Vulnerabilities Target Older Apple Hardware

The security update, released on March 11, addresses multiple vulnerabilities that form part of the dangerous Coruna exploit framework. This comprehensive attack toolkit contains 23 separate exploits designed to target iOS versions ranging from 13.0 through 17.2.1, making it particularly threatening to users of older Apple hardware.

Security researchers from Google’s Threat Intelligence division have documented the use of these exploits by various malicious actors, including Russian state-sponsored hackers, commercial surveillance companies, and Chinese cyber threat groups. The exploits have been utilized for espionage operations and cryptocurrency theft campaigns.

The patched vulnerabilities grant attackers significant control over compromised devices, enabling them to escalate their access to kernel-level privileges or execute malicious code remotely. The specific security flaws include multiple WebKit vulnerabilities designated as CVE-2023-43010, CVE-2024-23222, CVE-2023-43000, and CVE-2023-43010, along with a kernel vulnerability tracked as CVE-2023-41974.

Affected Device Models

The security update targets devices running iOS 15.8.7/16.7.15 and iPadOS 15.8.7/16.7.15, covering a range of older Apple products that remain in active use:

• iPhone 6s
• iPhone 7
• iPhone SE (1st generation)
• iPhone 8
• iPhone 8 Plus
• iPhone X
• iPad Air 2
• iPad Mini (4th generation)
• iPod Touch (7th generation)
• iPad (5th generation)
• iPad Pro 9.7-inch
• iPad Pro 12.9-inch (1st generation)

This latest security response follows Apple’s pattern of addressing zero-day vulnerabilities throughout 2024, including a February patch for iOS 17, iPadOS 17, and macOS Sonoma that the company indicated had been exploited in highly targeted attacks against specific individuals.