Apple Issues Emergency iOS 15.8.7 Update to Block Coruna Exploit Kit Attacks

Apple has released an emergency security update, iOS 15.8.7 and iPadOS 15.8.7, to protect older iPhones and iPads from a sophisticated threat known as the Coruna exploit kit.

The update was released on March 11, 2026, and includes several critical security fixes backported from newer versions of Apple’s operating systems.

The patches are designed specifically for legacy Apple devices that are no longer eligible for upgrades to iOS 16 or iOS 17.

Apple occasionally releases these “lifeline” security updates to ensure older hardware remains protected against high‑risk vulnerabilities.

In this case, the update addresses four serious security flaws that attackers could chain together to compromise vulnerable devices.

The vulnerabilities affect both the iOS Kernel and WebKit, the browser engine used by Safari and all third‑party browsers on iOS.

Coruna Exploit Kit Targets iOS Devices

The Coruna exploit kit has been linked to attacks targeting iOS users through maliciously crafted web content.

Security researchers warn that attackers can lure victims to specially designed websites where the exploit kit triggers multiple vulnerabilities in sequence.

The attack begins in WebKit, where memory corruption or type confusion vulnerabilities can be exploited when a user visits a malicious webpage.

This allows attackers to escape browser sandbox protections. Once outside the sandbox, the exploit chain targets a Kernel vulnerability to elevate privileges and gain deeper control of the device.

If successful, attackers may execute arbitrary code with elevated permissions, potentially allowing them to install spyware, monitor device activity, or maintain persistent access to the compromised system.

To mitigate these risks, Apple has backported four security fixes from newer iOS releases to the iOS 15 ecosystem.

Vulnerabilities Patched

The update resolves one Kernel flaw and three WebKit vulnerabilities that could enable code execution and memory corruption attacks.

• CVE-2023-41974 (Kernel): A use-after-free vulnerability discovered by Félix Poulin-Bélanger allowed malicious applications to execute arbitrary code with kernel-level privileges. Apple addressed the issue by improving memory management. This flaw was previously fixed in iOS 17 in September 2023.
• CVE-2024-23222 (WebKit): A type confusion vulnerability that could allow attackers to execute arbitrary code through maliciously crafted web content. Apple patched the issue by improving security validation checks. The vulnerability was initially resolved in iOS 17.3 in January 2024.
• CVE-2023-43000 (WebKit): A use-after-free vulnerability that could lead to memory corruption when processing malicious webpages. Apple mitigated the issue through improved memory management. It was originally fixed in iOS 16.6 in July 2023.
• CVE-2023-43010 (WebKit): A memory handling vulnerability that could also result in memory corruption when processing crafted web content. Apple resolved the flaw with improved memory handling in iOS 17.2, released in December 2023.

Security experts note that because these vulnerabilities have already been publicly documented and patched in newer systems, threat actors have had significant time to analyze the flaws and build reliable exploitation techniques.

The iOS 15.8.7 and iPadOS 15.8.7 updates are intended for several older Apple devices that remain widely used but cannot upgrade to newer operating systems.

Affected devices include:

• iPhone 6s (all models)
• iPhone 7 (all models)
• iPhone SE (1st generation)
• iPad Air 2
• iPad mini (4th generation)
• iPod touch (7th generation)

Users of these devices are strongly advised to install the update immediately to reduce the risk of exploitation.

To install the patch, users should open the Settings app, navigate to General, and select Software Update.

From there, they can download and install iOS 15.8.7 or iPadOS 15.8.7 to ensure their devices are protected against the Coruna exploit kit and related attacks.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.

The post Apple Issues Emergency iOS 15.8.7 Update to Block Coruna Exploit Kit Attacks appeared first on Cyber Security News.