Apple has released security updates for older iOS, iPadOS, and macOS Sonoma versions to patch CVE-2023-43010, a WebKit vulnerability the company says was exploited in the wild and linked in reporting to the Coruna exploit kit.
The flaw is described as a memory corruption issue triggered when a device processes maliciously crafted web content. Because WebKit powers Safari and many in-app browsers on Apple platforms, a successful attack could begin with a booby-trapped webpage or embedded web view. Apple originally fixed the bug in 2023 for current releases, then issued follow-on patches for older supported branches so users on legacy devices are not left exposed.
Apple has not shared technical details about the exploit chain or identified victims, which is typical for in-the-wild browser bugs. The company’s advisory says it is aware of a report that the issue may have been actively exploited. The Hacker News reported that the flaw was used as part of the Coruna exploit kit, though independent public attribution remains limited.
The update matters because WebKit flaws are a repeat target in Apple-focused intrusion campaigns, including spyware operations and other targeted attacks. Browser-engine bugs are especially valuable to attackers because they can be triggered through routine browsing activity, without requiring a user to install an app. On Apple devices, that risk extends beyond Safari to apps that render web content through WebKit.
For enterprises and consumers still using older Apple hardware, the backport closes a gap that can persist long after a zero-day is first patched on the newest OS versions. Security teams should verify update status across managed iPhones, iPads, and Macs, with extra attention on devices that cannot move to the latest platform release. Users should install the latest available patches for their device and treat unexpected links with caution, especially if they handle sensitive communications or are at higher risk of targeted surveillance. Using a trusted VPN can help reduce some exposure on hostile networks, but it does not mitigate a browser engine vulnerability.
