Released on March 11, 2026, this critical patch backports fixes from newer iOS versions, ensuring that users on legacy hardware are not left vulnerable to advanced cyberattacks.
The Coruna exploit kit relies on chaining multiple vulnerabilities to compromise Apple devices. By targeting both the device’s core operating system (the Kernel) and the
Attackers can take full control of an affected iPhone or iPad simply by tricking the user into visiting a malicious website.
Apple previously addressed these specific vulnerabilities in iOS 16 and iOS 17 between July 2023 and January 2024. However, threat actors are actively weaponizing these legacy flaws through the Coruna kit.
Apple has taken the necessary step of pushing these critical patches to older devices that cannot upgrade to the latest operating systems.
Users running older Apple hardware must install this software update immediately to remain protected.
The impacted devices include iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
The iOS 15.8.7 update addresses four distinct security flaws, all of which are instrumental to the Coruna exploit kit’s attack chain:
Kernel Vulnerability (CVE-2023-41974): Discovered by researcher Félix Poulin-Bélanger, this is a use-after-free memory issue in the device’s Kernel.
If exploited, a malicious application could execute arbitrary code with the highest level of system privileges. Apple fixed this with improved memory management.
WebKit Type Confusion (CVE-2024-23222): This flaw in Apple’s web rendering engine allows attackers to execute arbitrary code if a user processes maliciously crafted web content. Apple resolved the issue by implementing stricter validation checks.
WebKit Memory Corruption (CVE-2023-43000): This is a use-after-free vulnerability within WebKit that can lead to memory corruption when parsing malicious web pages. It was patched using enhanced memory management techniques.
WebKit Memory Corruption (CVE-2023-43010): Another severe WebKit issue triggered by malicious web content, which also leads to memory corruption. Apple addressed this flaw by improving its overall memory-handling protocols.
Because the Coruna exploit kit leverages web-based attacks, users are at risk simply by browsing the internet or opening links sent through text messages.
The dangerous combination of WebKit flaws for initial access and the Kernel flaw for system privilege escalation makes this a highly critical threat.
Users of the affected legacy devices are strongly urged to navigate to their device settings and download the iOS 15.8.7 or iPadOS 15.8.7 update immediately to secure their systems against these known exploits.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Apple Released Emergency Updates for iOS 15.8.7 to Thwart ‘Coruna’ Exploit Kit appeared first on Cyber Security News.
A new weekend has arrived, and today, you can save big on Trails in the…
data-anim is a JavaScript animation library that applies CSS-powered animations to HTML elements while scrolling/hovering/clicking/loading…
The <i-html> web component allows you to dynamically import HTML content inline, similar to an…
Can’t. Stop. Dancing. | Image: Wonderwheel Recordings Shout out to subscriber N_Gorski for today's pick.…
Many Chichester residents carved out their whole Saturday to participate in a marathon-length town meeting,…
Nathan Fillion’s big Firefly tease has been revealed as a new animated series set between…
This website uses cookies.