Apple releases iOS 15.8.7 to fix Coruna exploit for iPhone 6S from 2015(support.apple.com)

81 pointsby seam_carver4 hours ago12 comments

suprstarrd3 hours ago
To be clear: the phone is from 2015, not the exploit chain.
Related: https://cloud.google.com/blog/topics/threat-intelligence/cor...
- VladVladikoffan hour ago
  >The kit performs the following unique actions: Bailing out if the device is in Lockdown Mode, or the user is in private browsing.
  dunning_kruger_meme_private_browsing_keeps_me_safe.avif
ryandrakean hour ago
This is nice in that Apple acknowledges that iPhone 6s and iPhone 7 devices still exist and are used. I wish third party developers would read that memo and get with the program. The App Store is becoming a ghost town of "This app stopped supporting your icky old device" warning messages due to app developers abandoning these phones.
- kstrauseran hour ago
  Apps don’t support devices, by and large. They support SDK versions. Targeting a 4 year old SDK means not using a fair chunk of new OS features, which translates to at least some lost sales and developer happiness.
  I’m sympathetic with your point, truly, but I also get why devs would aim at newer OSes.
seam_carver2 hours ago
Available for:
iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
iOS 16.7.15 and iPadOS 16.7.15: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
tech234a2 hours ago
Notably these exploits were originally patched for newer devices in 2023 and 2024. However, the Coruna exploits are now publicly available because some of the IOC URLs mentioned in Google's recent blog post [1] were found to still be live. Jailbreakers are already repurposing the code to make web-based tools [2].
[1]: https://cloud.google.com/blog/topics/threat-intelligence/cor...
[2]: https://x.com/Little_34306/status/2031823581513204009 (Note: the link in this tweet goes to an exploit page that uses code repurposed from malware)
GeekyBear2 hours ago
A security update for an eleven year old phone is pretty wild.
For comparison, the Nexus 6P was released in the same year as the iPhone 6S. It last received a security update in 2018.
- VladVladikoffan hour ago
  Only 3 years of security updates for a computer we use every day is criminal. It shouldn’t be shocking that Apple kept patching but rather that Google hasn’t.
kevincloudsec2 hours ago
patching a kernel exploit on a phone from 2015 is nice until you realize the coruna IOC URLs were still live long enough for jailbreakers to weaponize the code before the patch shipped.
thecybernerd3 hours ago
I wonder what the active device threshold is for them to make the decision to patch an operating system from a decade ago.
- ronsor3 hours ago
  Probably recent active exploitation
throwaway858252 hours ago
A device can be unsupported yet millions will still use it. The obsolescence business model needs to be legislated away.
- gruez2 hours ago
  Should DEC still be releasing patches for the PDP-11? Apple is probably the better companies out there. Some Android devices (cheap tablets on aliexpress) don't even get a year of updates.
  - throwaway858252 hours ago
    A VM image of the build server would work.
nineteen9992 hours ago
Now if they'd just release an update to 26.3.1 (23D8133) which PERMANENTLY broke Apple Carplay for me I'd be happy. It's been getting steadily worse since iOS 26 was released.
Apple is rapidly becoming the new Microsoft. I mean, Microsoft has fallen so much further, so I guess that just opened up a new gap in the shitty technology spectrum for Apple to descend to.
burnt-resistor3 hours ago
Still waiting for iOS and iPadOS security updates to 18 as per the tradition of supporting the past 2 generations of OSes rather than this sneaky rug-pull of trying to foist fugly 26 on users who don't want an unusable device.
This sort of spurious patching and releasing token cheap devices is a form of gaslighting.
- stock_toaster2 hours ago
  Indeed! I was about to post something very similar. Glad I scrolled down a bit.
behnamoh3 hours ago
Am I supposed to be impressed by this? This is part of the Apple experience: long-term updates in exchange for absurdly high markups up-front. I'd be impressed if the markup got lowered and iDevices still got such updates, but that's not happening.
- falkensmaize3 hours ago
  Absurdly high markups? They just released a very good laptop for $599. The Galaxy S26 Ultra is $1299. The OnePlus 15 is $999. A Dell XPS 16 with 32gb ram is over $2000.
  I won’t argue that they charge a premium for memory and nvme, but I have never felt like I overpaid for my MacBooks or iPhones, in part because they last so long.
  - burnt-resistor3 hours ago
    One anecdotal example doesn't break the pattern. It's a performative ploy.
    nozzlegear2 hours ago
    That's not anecdotal, it literally is the price of the MacBook Neo.
- colinbartlett3 hours ago
  Yes because if it helps keep devices in use longer it helps reduce waste and the planetary impacts of a culture of disposable products.
  - paulryanrogers3 hours ago
    If only they had user replaceable batteries, or repairable devices
    tpmoney3 hours ago
    https://support.apple.com/self-service-repair
    https://support.apple.com/mac-laptops/repair?services=servic...
    https://getsupport.apple.com/repair-locations?locale=en_US
    paulryanrogers2 hours ago
    I mean self repair without renting proprietary equipment, having to soften glue with heat, etc. I used to be able to swap batteries in seconds without tools. Some laptops could do it without shutting down.
- cryptoegorophy3 hours ago
  Well. You can buy iPhone 6S for $50. How much cheaper did you want it?
- runako2 hours ago
  iPhone 17 Pro is $1099, Google Pixel Pro is $999, Galaxy S26 Ultra is $1,299.
  Flagship phones are expensive. Apple mostly just does not make low-spec phones, and cheap phones are generally low-spec (or their makers would charge more).
- nativeit3 hours ago
  The bar has become incredibly low, it’s true. I could argue that’s all the more reason for recognizing when these monoliths do the right thing, but I would probably struggle to claim they deserve any of it at this point.
- cosmic_cheese3 hours ago
  I mean there’s loads of Android stuff in Apple-adjacent price brackets that haven’t seen the tiniest hint of an update in many years…
anshumankmr3 hours ago
This will really help the 10 people still using an iPhone 6S.
(Still a common W for Apple updates)