Apple has issued new security updates for older versions of iOS and iPadOS, addressing vulnerabilities linked to the Coruna exploit. This announcement, made on Wednesday, aims to protect users from the sophisticated threats posed by this exploit kit.
The Emergence of Coruna Exploits
In March 2026, Google and iVerify researchers unveiled details of Coruna, a highly advanced exploit kit. Labeled as ‘nation-state grade,’ Coruna is capable of widespread exploitation across Apple’s iOS platforms. This toolkit comprises 23 exploits, organized into five attack chains, affecting devices from iOS 13.0 to 17.2.1.
The kit’s potent capabilities have positioned it as a significant mobile threat. Originally developed by commercial surveillance vendors for targeted operations, Coruna has since been utilized by nation-state actors in espionage activities, notably linked to Russian operations against Ukraine. More recently, it has been adapted by Chinese cybercriminals for large-scale fraud.
Technical Details and Vulnerability Patches
The Coruna exploit grants attackers the ability to execute remote code on compromised devices, enabling full system access for malware installation. Although Apple has addressed these vulnerabilities in recent iOS updates, they have now extended these fixes to legacy systems.
Specifically, iOS and iPadOS 15.8.7 address four vulnerabilities: CVE-2023-41974 (a kernel issue) and three WebKit flaws (CVE-2024-23222, CVE-2023-43000, CVE-2023-43010). The kernel vulnerability allows arbitrary code execution with kernel privileges, initially patched in iOS 17.
WebKit vulnerabilities, exploitable through crafted web content, were addressed in various iOS versions: 17.3, 16.6, and 17.2. Meanwhile, iOS and iPadOS 16.7.15 specifically target CVE-2023-43010.
Response and Future Outlook
While Apple has not reported active exploitation in their advisories, Google has acknowledged ongoing attacks, and CISA has included several Coruna vulnerabilities in its Known Exploited Vulnerabilities catalog. Apple’s advisories typically indicate if exploitation is occurring; however, such details were absent in this update.
As the cybersecurity landscape evolves, Apple’s proactive approach in updating legacy systems underscores the importance of maintaining robust security measures. Users are encouraged to apply these updates promptly to safeguard their devices against potential threats.
