Apple has issued a critical security update, iOS 15.8.7, aimed at safeguarding older devices against a significant cyber threat known as the ‘Coruna’ exploit kit. Released on March 11, 2026, this update delivers essential fixes from newer iOS versions to protect legacy hardware from sophisticated attacks.
Understanding the Coruna Exploit Threat
The Coruna exploit kit operates by exploiting multiple vulnerabilities to compromise Apple devices. It targets both the Kernel, which is the core of the device’s operating system, and the WebKit browser engine. This allows attackers to gain complete control over an iPhone or iPad by luring users to malicious websites.
Apple had previously addressed these vulnerabilities in iOS 16 and iOS 17 updates between July 2023 and January 2024. However, the Coruna kit continues to exploit these older flaws, prompting Apple to extend critical patches to devices unable to upgrade to the latest OS versions.
Devices Affected and Security Flaws Fixed
The iOS 15.8.7 update is crucial for users of older Apple models, including iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation). The patch addresses four major security vulnerabilities that the Coruna kit leverages.
These vulnerabilities include a Kernel issue (CVE-2023-41974) discovered by researcher Félix Poulin-Bélanger, which involved a use-after-free memory flaw allowing arbitrary code execution. Apple resolved this by enhancing memory management.
Additionally, two WebKit memory corruption issues (CVE-2023-43000 and CVE-2023-43010) and a WebKit type confusion flaw (CVE-2024-23222) were fixed. These flaws could lead to arbitrary code execution upon processing malicious web content, which Apple addressed with improved validation and memory management.
Importance of Timely Updates
The Coruna exploit kit’s ability to initiate web-based attacks makes it a significant risk, as users could be targeted merely by browsing the internet or opening harmful links. The combination of WebKit and Kernel vulnerabilities poses a high-level threat by enabling system privilege escalation.
It is imperative for users of the affected legacy devices to promptly navigate to their device settings and download the iOS 15.8.7 or iPadOS 15.8.7 update. This action will ensure protection against these known security threats.
For continuous updates on cybersecurity, follow us on Google News, LinkedIn, and X. Reach out to us to feature your stories.
