Apple releases iOS 15.8.7 and iOS 16.7.15 for older devices to patch the Coruna exploit

Apple just released a bunch of security updates for older iPhones and iPads to address a serious vulnerability.

Apple just released a batch of security updates for older iOS to protect devices that don’t support iOS 26 from a severe exploit kit known as Coruna.

Here’s what iOS updates were released today:

• iOS 15.8.7
• iPadOS 15.8.7
• iOS 16.7.15
• iPadOS 16.7.15

Google Threat Intelligence Group recently discovered the Coruna exploit kit. This malicious framework chains together 23 different vulnerabilities to attack target devices. Security researchers discovered that threat actors are actively using Coruna to steal data from compromised phones.

Apple originally patched these specific security flaws in the iOS 17 branch between late 2023 and early 2024. And now, almost three years later, the company is releasing the fix for older devices.

Here are the changelogs for 16.7.15 and iPadOS 16.7.15 updates:

“WebKit

Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation

Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023. This update brings that fix to devices that cannot update to the latest iOS version.

Description: The issue was addressed with improved memory handling.”

Here are the changelogs for iOS 15.8.7 and iPadOS 15.8.7 updates:

“Kernel

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges. This fix associated with the Coruna exploit was shipped in iOS 17 on September 18, 2023. This update brings that fix to devices that cannot update to the latest iOS version.

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-41974: Félix Poulin-Bélanger

WebKit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.

Description: A type confusion issue was addressed with improved checks.

WebKit Bugzilla: 267134

CVE-2024-23222

WebKit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 16.6 on July 24, 2023. This update brings that fix to devices that cannot update to the latest iOS version.

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 255951

CVE-2023-43000: Apple

WebKit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023. This update brings that fix to devices that cannot update to the latest iOS version.

Description: The issue was addressed with improved memory handling.”

If you’re using one of the mentioned devices, make sure to update your iPhone by going to Settings > General > Software Update.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Thursday 12 March 2026 at 12:28 pm AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of February) 854

RIP Matrix