Apple releases iOS 15.8.7 to fix Coruna exploit for iPhone 6S from 2015

To be clear: the phone is from 2015, not the exploit chain.

Related: https://cloud.google.com/blog/topics/threat-intelligence/cor...

Notably these exploits were originally patched for newer devices in 2023 and 2024. However, the Coruna exploits are now publicly available because some of the IOC URLs mentioned in Google's recent blog post [1] were found to still be live. Jailbreakers are already repurposing the code to make web-based tools [2].

[1]: https://cloud.google.com/blog/topics/threat-intelligence/cor...

[2]: https://x.com/Little_34306/status/2031823581513204009 (Note: the link in this tweet goes to an exploit page that uses code repurposed from malware)

Available for:

iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

iOS 16.7.15 and iPadOS 16.7.15: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation

A security update for an eleven year old phone is pretty wild.

For comparison, the Nexus 6P was released in the same year as the iPhone 6S. It last received a security update in 2018.

This is nice in that Apple acknowledges that iPhone 6s and iPhone 7 devices still exist and are used. I wish third party developers would read that memo and get with the program. The App Store is becoming a ghost town of "This app stopped supporting your icky old device" warning messages due to app developers abandoning these phones.

I wonder what the active device threshold is for them to make the decision to patch an operating system from a decade ago.

patching a kernel exploit on a phone from 2015 is nice until you realize the coruna IOC URLs were still live long enough for jailbreakers to weaponize the code before the patch shipped.

A device can be unsupported yet millions will still use it. The obsolescence business model needs to be legislated away.

Now if they'd just release an update to 26.3.1 (23D8133) which PERMANENTLY broke Apple Carplay for me I'd be happy. It's been getting steadily worse since iOS 26 was released.

Apple is rapidly becoming the new Microsoft. I mean, Microsoft has fallen so much further, so I guess that just opened up a new gap in the shitty technology spectrum for Apple to descend to.

Still waiting for iOS and iPadOS security updates to 18 as per the tradition of supporting the past 2 generations of OSes rather than this sneaky rug-pull of trying to foist fugly 26 on users who don't want an unusable device.

This sort of spurious patching and releasing token cheap devices is a form of gaslighting.

Am I supposed to be impressed by this? This is part of the Apple experience: long-term updates in exchange for absurdly high markups up-front. I'd be impressed if the markup got lowered and iDevices still got such updates, but that's not happening.

This will really help the 10 people still using an iPhone 6S.

(Still a common W for Apple updates)