Apple releases iOS 15.8.7 to fix Coruna exploit for iPhone 6S from 2015
support.apple.comNotably these exploits were originally patched for newer devices in 2023 and 2024. However, the Coruna exploits are now publicly available because some of the IOC URLs mentioned in Google's recent blog post [1] were found to still be live. Jailbreakers are already repurposing the code to make web-based tools [2].
[1]: https://cloud.google.com/blog/topics/threat-intelligence/cor...
[2]: https://x.com/Little_34306/status/2031823581513204009 (Note: the link in this tweet goes to an exploit page that uses code repurposed from malware)
So when the exploit was discovered these phones were supposed to still receive security updates? And Apple decided to not patch these because what?
Thanks Google for forcing their hand.
To be clear: the phone is from 2015, not the exploit chain.
Related: https://cloud.google.com/blog/topics/threat-intelligence/cor...
Available for:
iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
iOS 16.7.15 and iPadOS 16.7.15: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
This is nice in that Apple acknowledges that iPhone 6s and iPhone 7 devices still exist and are used. I wish third party developers would read that memo and get with the program. The App Store is becoming a ghost town of "This app stopped supporting your icky old device" warning messages due to app developers abandoning these phones.
Apps don’t support devices, by and large. They support SDK versions. Targeting a 4 year old SDK means not using a fair chunk of new OS features, which translates to at least some lost sales and developer happiness.
I’m sympathetic with your point, truly, but I also get why devs would aim at newer OSes.
I think you might be confusing two things. iOS developers build against a particular SDK, but they specify a deployment target which is an OS version. You can build against the latest or near-latest SDK (in fact Apple requires you to), while still targeting arbitrarily old OS versions. The developer changes these independently.
Developers can easily use APIs introduced after their deployment target OS. So if you want to target iOS 15, but use APIs introduced in iOS 17, you can easily do this with a runtime check.
Many iOS developers choose to increase their deployment target, which accomplishes nothing for the user besides locking out older devices, while making the developer's life more comfortable (he can abandon those runtime checks and code paths that only run on older devices).
But if you are disciplined and care about your users on old devices, you can very easily target those old devices while still using the latest and greatest OS features on devices that have them.
I think I saw a YouTube video where some developer said that Apple requires you to use latest version of Xcode, that version has a minimum SDK (I think iOS 15) and he was complaining he couldn't update his iOS 12 targetting app anymore.
Was it this video? https://www.youtube.com/watch?v=WXqVV8_GORE
He finds a solution involving copying files across from an older version of xcode
I believe Apple makes it difficult, but not impossible. At the end of the day, these things are specified in text files that can be edited, regardless of what options the GUI gives you. Definitely shame on Apple for trying to nudge developers to give up on older phones, but it aligns with their desire to keep their customers buying new phones.
And the ‘features’ also involve lot of performance updates that can leverage something like newer metal. Given that a large chunk of the user base uses an iPhone from 1-2 years ago it simply makes sense to use this and abandon old SDK.
This makes me wonder though how Apple seems to deal with this for their core apps.
I'd love to know what exciting new features the developers of my bank auth app (also used as semi-mandatory ID in various services) have available to them now that they've let it break on my otherwise adequate phone.
Apple technically supports downloading legacy app versions, but the system is broken: it usually requires the app to be in your purchase history, and developers can opt to delete their old binaries entirely.
Maybe something the EU could enforce is requiring Apple to offer the 'last compatible version' prompt for all users, not just previous downloaders, ensuring older hardware isn't artificially artificially rendered useless for basic tasks.
Developers don’t want new users downloading old versions and increasing the population of older versions they have to support
They got the memo... directly from Apple that drops fully functional phones with their SDK updates, only giving you tiny crumbs of security update once in a while
The iPhone 11 - the oldest version supported by iOS 26 - was released in 2019. My iPad Air from 2019 barely runs iOS 26 with 3GB RAM. What do you expect Apple to do differently?
Not forcing apps to drop support of fully functional phones, especially over poorly designed visual gimmicks?
Imagine you don't upgrade to iOS 26 and don't lose out on any of the app updates?
No one is forcing apps to drop support. Apple has supported downloading the “last compatible version” since 2011-2012. And developers are free to support iOS 18. Why waste their time and resources when they know every iOS 19 user can upgrade to iOS 26?
Apple hasn't supported that, by the way, there are apps where you simply can't download the "latest compatible version" Also you can't "buy it" even for free apps, you must've tied it to your account before. And yes, it's also forcing by making it very hard to support older versions, see the side comment on SDKs.
> they know every iOS 19 user can upgrade to iOS 26?
Because not every user does? Obviously?
And the few who don’t aren’t worth my limited resources.
A security update for an eleven year old phone is pretty wild.
For comparison, the Nexus 6P was released in the same year as the iPhone 6S. It last received a security update in 2018.
Only 3 years of security updates for a computer we use every day is criminal. It shouldn’t be shocking that Apple kept patching but rather that Google hasn’t.
7 years for hardware and 2 latest OS versions was the standard Apple support timeline, except for many iOS and iPadOS 18 devices to force use of Liquid Glass in 26.
This is a very odd take.
Apple decided to not patch a couple of iphones and ipads a few years ago. 6s was the oldest one at that time but even that was still within the update window.
The fact that they now have to patch them 3-4 year after the discovery because Google found them to be targeted in the wild should not be presented as a win for Apple.
I wonder what the active device threshold is for them to make the decision to patch an operating system from a decade ago.
Probably recent active exploitation
A device can be unsupported yet millions will still use it. The obsolescence business model needs to be legislated away.
Should DEC still be releasing patches for the PDP-11? Apple is probably the better companies out there. Some Android devices (cheap tablets on aliexpress) don't even get a year of updates.
A VM image of the build server would work.
And for my iPod touch! I was prepared to keep using it around the house – it's so much lighter than a phone – but I was worried about leaving it logged into iCloud Keychain if it wasn't going to get this fix.
patching a kernel exploit on a phone from 2015 is nice until you realize the coruna IOC URLs were still live long enough for jailbreakers to weaponize the code before the patch shipped.
Still waiting for iOS and iPadOS security updates to 18 as per the tradition of supporting the past 2 generations of OSes rather than this sneaky rug-pull of trying to foist fugly 26 on users who don't want an unusable device.
This sort of spurious patching and releasing token cheap devices is a form of gaslighting.
Why should Apple patch iOS 18 when all users can just update to the latest OS.
Indeed! I was about to post something very similar. Glad I scrolled down a bit.
Now if they'd just release an update to 26.3.1 (23D8133) which PERMANENTLY broke Apple Carplay for me I'd be happy. It's been getting steadily worse since iOS 26 was released.
Apple is rapidly becoming the new Microsoft. I mean, Microsoft has fallen so much further, so I guess that just opened up a new gap in the shitty technology spectrum for Apple to descend to.
This will really help the 10 people still using an iPhone 6S.
(Still a common W for Apple updates)
CONSOOM!
Am I supposed to be impressed by this? This is part of the Apple experience: long-term updates in exchange for absurdly high markups up-front. I'd be impressed if the markup got lowered and iDevices still got such updates, but that's not happening.
Absurdly high markups? They just released a very good laptop for $599. The Galaxy S26 Ultra is $1299. The OnePlus 15 is $999. A Dell XPS 16 with 32gb ram is over $2000.
I won’t argue that they charge a premium for memory and nvme, but I have never felt like I overpaid for my MacBooks or iPhones, in part because they last so long.
One anecdotal example doesn't break the pattern. It's a performative ploy.
That's not anecdotal, it literally is the price of the MacBook Neo.
How about iPhone 16e/17e? Base MacMini M4?
Yes because if it helps keep devices in use longer it helps reduce waste and the planetary impacts of a culture of disposable products.
If only they had user replaceable batteries, or repairable devices
https://support.apple.com/self-service-repair
https://support.apple.com/mac-laptops/repair?services=servic...
I mean self repair without renting proprietary equipment, having to soften glue with heat, etc. I used to be able to swap batteries in seconds without tools. Some laptops could do it without shutting down.
Or you can just pay $50…
Well. You can buy iPhone 6S for $50. How much cheaper did you want it?
iPhone 17 Pro is $1099, Google Pixel Pro is $999, Galaxy S26 Ultra is $1,299.
Flagship phones are expensive. Apple mostly just does not make low-spec phones, and cheap phones are generally low-spec (or their makers would charge more).
I mean there’s loads of Android stuff in Apple-adjacent price brackets that haven’t seen the tiniest hint of an update in many years…
The bar has become incredibly low, it’s true. I could argue that’s all the more reason for recognizing when these monoliths do the right thing, but I would probably struggle to claim they deserve any of it at this point.