Your older Apple devices are now targets for the Coruna exploit kit. π±
CVE-2023-43010 Β· Severity 8.8 Β· Active WebKit Exploitation in Legacy iOS and macOS.
@[Apple](urn:li:organization:162479) has backported security fixes to older versions of iOS, iPadOS, and macOS Sonoma today. This follows the discovery of active exploitation by the Coruna exploit kit, which leverages a WebKit memory corruption flaw to achieve remote code execution.
The Coruna kit is a sophisticated toolkit used in cyberespionage and crypto-theft campaigns. By targeting the browser engine, attackers can compromise a device simply when a user views a maliciously crafted web page. This highlights the extreme risk of maintaining legacy unpatched devices within an enterprise environment.
The uncomfortable truth: Your security posture is only as strong as the oldest, unpatched iPad in your executive’s home office.
β Force a security update for all Apple devices, including older hardware, to the latest backported releases today.
β Use MDM to identify and isolate any devices that are no longer receiving security updates from Apple.
β Enable Lockdown Mode for high-value targets to reduce the attack surface for complex WebKit exploits.
Are you still allowing legacy, end-of-life mobile devices to connect to your corporate email? π
#Cybersecurity #MobileSecurity #Apple #ThreatIntelligence #SOC #CodeDefence