If you continue using a iPhone or iPad that are a few years oldYou'll have to go through the settings, no matter what. Apple has released new versions of iOS and iPadOS designed precisely for those models that no longer make the leap to the latest major updates, but that are still in circulation in millions of pockets in Spain and the rest of Europe.
These versions, focused exclusively on security, update devices anchored in iOS 15 and iOS 16 face a particularly critical flawYou won't notice any visual changes or new features, but internally they're closing doors that cybercriminal groups and espionage actors are currently using to infiltrate older phones and tablets. This type of security updates They are usually distributed without any visible changes, but they are critical.
What updates has Apple released for older iPhones and iPads?
This time, Apple has published four specific versions of iOS and iPadOS Designed to cover a wide range of older devices. These are:
- iOS 16.7.15
- iPadOS 16.7.15
- iOS 15.8.7
- iPadOS 15.8.7
Their objective is very clear: to bring the same security patches to older iPhones and iPads These measures had already been implemented in more recent versions of iOS. Until now, the latest models were protected, but many older devices remained vulnerable even though they continued to function perfectly normally for everyday use.
According to the company's own security notes, these versions are classified as “Important security fixes recommended for all users”This is not, therefore, a minor update that you can leave for later: there are holes that They are already being actively exploited in real attacks.
Devices compatible with iOS 15.8.7 and iOS 16.7.15
One of the striking aspects of this movement is the age of some of the devices that continue to receive supportThere are models on the list that were released more than a decade ago and yet they continue to receive security patches.
The devices that can install these new versions are broadly divided into two groups: those that remained on the iOS 15 branch and those that maintain iOS 16 as the maximum.
Models that receive iOS 15.8.7 / iPadOS 15.8.7
- iPhone 6s
- 6s iPhone Plus
- iPhone 7
- 7 iPhone Plus
- iPhone SE (1nd generation)
- iPod touch (7th generation)
- iPad Air 2
- iPad mini 4
In this group we find true veterans like the iPad Air 2, released in 2014, or the iPhone 6s from 2015Despite the time that has passed, they continue to receive critical corrections, something unusual in the mobile market compared to other manufacturers.
Models that receive iOS 16.7.15 / iPadOS 16.7.15
- iPhone 8
- 8 iPhone Plus
- iPhone X
- iPad (5th generation)
- 9,7-inch iPad Pro (1rd generation)
- 12,9-inch iPad Pro (1rd generation)
These devices are somewhat newer, but They can no longer install the latest versions of the systemEven so, they are still present in the second-hand market and in many European families, small businesses and educational centers, where an iPhone 8 or a fifth-generation iPad continues to be more than enough for basic tasks.
Why this update is so urgent: the Coruna exploit kit
The underlying reason for this deployment lies in a set of vulnerabilities known as CorunaSeveral research teams, including Google's Threat Analysis Group and the security firm iVerify, have documented a highly sophisticated exploitation kit capable of chaining up to 23 different failures on iOS.
Coruna is heading towards system versions that go from iOS 13.0 to iOS 17.2.1This is a huge range that covers virtually all iPhones from recent years. In newer versions, Apple had already fixed these bugs through previous updates, but devices that remained on iOS 15 or 16 still had several unpatched vulnerabilities.
The operation of this kit relies primarily on vulnerabilities present in WebKit, the engine used by Safari and other browsers on iOSand kernel-level vulnerabilities. Through malicious websites or specially crafted content, attackers can trick the device into executing code it shouldn't and, from there, gradually gain privileges until they take complete control of the system. To better understand how these vulnerabilities affect the browser, consult articles on the WebKit engine and the system.
The security report details several vulnerability identifiers, such as CVE-2023-43010, CVE-2023-43000, CVE-2024-23222 and CVE-2023-41974Three of them affect WebKit and one affects the kernel. When properly combined, they allow remote code execution and privilege escalationThis is precisely the scenario any user wants to avoid on their mobile phone or tablet. If you'd like recommendations for protecting your devices, check this out. cybersecurity guide.
What attackers can do if you don't update your old iPhone
The danger of such a vulnerability is not merely theoretical. Researchers have confirmed that Coruna has already been used in real campaigns, both for espionage and for stealing sensitive information, and even in attacks targeting cryptocurrencies.
If an attacker manages to exploit these flaws in your device, they can compromise the system execute remote instructions without asking for permissionFrom there, it is possible to access photos, messages, browsing history, data from banking applications or payment platforms, as well as activate sensors such as the microphone without the user noticing.
One of the most worrying elements is that this type of attack They do not necessarily require the user to do something complex.In many cases, simply clicking on a link sent via SMS, email, or a messaging app, or visiting a compromised website, is enough to trigger the chain of exploitation.
Reports from Google and other security firms indicate that groups linked to different countries and private security companies They have incorporated Coruna into their tools. Meanwhile, these types of kits also circulate on the dark web, where they are offered to other actors in exchange for significant sums of money.
Why older iPhones and iPads are such a juicy target
It may seem that no one would bother attacking a phone that's years old, but the reality is quite the opposite. Many older devices are still very much present in everyday life and they don't always update as quickly as recent models.
In markets such as Spain and Europe, the iPhone 6s, 7, 8, first generation SE or iPhone X They're still frequently seen. These phones still hold up well for WhatsApp, social media, browsing, and video calls, and on the secondhand market, you can find them for around €100-€150 in the case of the iPhone 8. They're a very common option for young people, seniors, or anyone who doesn't want to spend too much on a new phone.
That longevity, combined with the lack of iOS's more modern defenses, makes them a candy for cybercriminalsThey lack the latest security hardware improvements and the new features of current system versions, making them easier to attack if they are not up to date with patches.
Furthermore, many of these devices are used in environments where access is also provided to email accounts, cloud services, banking apps, or work platformsAn old, poorly protected mobile phone or iPad can be the gateway to information belonging to an entire family or, in the case of companies, to sensitive internal data.
What exactly do iOS 15.8.7 and iOS 16.7.15 fix?
Apple doesn't usually go into technical detail in its release notes to avoid giving additional clues to potential attackers, but it has confirmed that These updates bring the same patches to iOS 15 and 16 which were previously released for iOS 17.
In the case of iOS 16.7.15 and iPadOS 16.7.15The focus is primarily on WebKit. It has been detected that handling specially prepared web content could cause memory corruptionThis opened the door to code execution within the browser context. Apple states that it has strengthened memory management to close this loophole.
Version iOS 15.8.7 It goes a little further. In addition to the changes in WebKit, it introduces a kernel fix for a use-after-free vulnerability that allowed certain applications to exploit the virus. execute code with kernel privilegesThese types of errors are especially critical because, once exploited, they leave the system with very little room to maneuver in order to defend itself.
Several fixes related to vulnerability identifiers are also included, such as CVE-2024-23222 or CVE-2023-43000These issues are associated with type confusion and other memory errors. All of this is part of the same solution package with which Apple is attempting to completely disable Coruna's attack chains on older devices.
How to update your old iPhone or iPad step by step
The procedure for installing these versions is the same as always, but it is advisable Don't leave it for another dayAlthough many people have automatic updates enabled, it's best in this case to manually check if the patch is already available.
To do this, you must follow these steps from the device itself:
- Open the app Settings.
- Enter the section General.
- Tap on Software update.
- Wait a few seconds for the system to search for new versions.
- If iOS 15.8.7 or iOS 16.7.15 (or their iPadOS equivalents) appears, tap on Download and install.
Before starting, it is recommended to have the device connected to a stable WiFi network and with at least 50% batteryor plugged into the charger. It's also a good idea to make a backup beforehand, either to iCloud or a computer, in case any problems arise during the process.
Apple indicates that the size of these patches is around 100-200 MBThe download shouldn't take too long. Once the installation is complete, the device will restart and be protected against the vulnerabilities that have been exploited in recent campaigns.
In a context where attacks targeting mobile phones and tablets are becoming increasingly common, Apple's move to Bring security patches to iPhones and iPads that no longer receive major updates It serves as a reminder of something basic: even if the device is old and works "for what I use it for," keeping the system updated is still the simplest and most effective defense to avoid surprises with our personal data.
