An “unusually professional” exploit
Coruna is a comprehensive iOS kit with five full exploit chains and a total of 23 exploits that was able to attack iPhones running iOS 13.0 to 17.2.1. GTIG describes Coruna as “particularly powerful and unusually professional”. Several security reports classify Coruna as an originally state-affiliated or nation-state-grade tool, which could later have at least partially fallen into other hands. Wired even writes that it is probably an iPhone hacking toolkit originally developed for the US government, which could now also be used by foreign intelligence services and criminals.
Just opening manipulated web content was part of the attack chain. In combination with a kernel bug, this could result in a significantly deeper compromise of the device. The first access was via WebKit vulnerabilities, and an additional kernel exploit subsequently enabled further system access. This interpretation comes from Apple’s security notes and the GTIG description of the full exploit chains.
The iPhone 6s and SE are safe again
The fact that Apple is still going back to iOS 15 with the updates is definitely positive. The system was released in September 2021 and was the last version that could still be installed on the iPhone 6s and 6s Plus (from 2015) and iPhone SE. Although iOS 13 and 14 remain unpatched, all iPhones that support those two systems can also be updated to iOS 15. The iPhone 5s and iPhone 6 had already stopped at iOS 12 and could not make the step to iOS 13.