Apple Released Emergency Updates for iOS 15.8.7 to Thwart ‘Coruna’ Exploit Kit

Apple has rolled out an emergency security update, iOS 15.8.7 and iPadOS 15.8.7, to protect older devices from a severe threat known as the ‘Coruna’ exploit kit.

Released on March 11, 2026, this critical patch backports fixes from newer iOS versions, ensuring that users on legacy hardware are not left vulnerable to advanced cyberattacks.

The Coruna exploit kit relies on chaining multiple vulnerabilities to compromise Apple devices. By targeting both the device’s core operating system (the Kernel) and the WebKit browser engine.

Attackers can take full control of an affected iPhone or iPad simply by tricking the user into visiting a malicious website.

Apple Released Emergency Updates

Apple previously addressed these specific vulnerabilities in iOS 16 and iOS 17 between July 2023 and January 2024. However, threat actors are actively weaponizing these legacy flaws through the Coruna kit.

Apple has taken the necessary step of pushing these critical patches to older devices that cannot upgrade to the latest operating systems.

Users running older Apple hardware must install this software update immediately to remain protected.

The impacted devices include iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).

The iOS 15.8.7 update addresses four distinct security flaws, all of which are instrumental to the Coruna exploit kit’s attack chain:

Kernel Vulnerability (CVE-2023-41974): Discovered by researcher Félix Poulin-Bélanger, this is a use-after-free memory issue in the device’s Kernel.

If exploited, a malicious application could execute arbitrary code with the highest level of system privileges. Apple fixed this with improved memory management.

WebKit Type Confusion (CVE-2024-23222): This flaw in Apple’s web rendering engine allows attackers to execute arbitrary code if a user processes maliciously crafted web content. Apple resolved the issue by implementing stricter validation checks.

WebKit Memory Corruption (CVE-2023-43000): This is a use-after-free vulnerability within WebKit that can lead to memory corruption when parsing malicious web pages. It was patched using enhanced memory management techniques.

WebKit Memory Corruption (CVE-2023-43010): Another severe WebKit issue triggered by malicious web content, which also leads to memory corruption. Apple addressed this flaw by improving its overall memory-handling protocols.

Because the Coruna exploit kit leverages web-based attacks, users are at risk simply by browsing the internet or opening links sent through text messages.

The dangerous combination of WebKit flaws for initial access and the Kernel flaw for system privilege escalation makes this a highly critical threat.

Users of the affected legacy devices are strongly urged to navigate to their device settings and download the iOS 15.8.7 or iPadOS 15.8.7 update immediately to secure their systems against these known exploits.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.