Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit  Ravie Lakshmanan  Mar 12, 2026 Vulnerability / Malware Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit . The vulnerability, tracked as CVE-2023-43010 , relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content. The iPhone maker said the issue was addressed with improved handling. "This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023," Apple said in an advisory. "This update brings that fix to devices that cannot update to the latest iOS version." Fixes for CVE-2023-43010 were originally released by Apple in the following versions - iOS 17.2 and iPadOS 17.2 macOS Sonoma 14.2 Safari 17.2 The latest round of fixes brings it to older versions of iOS and iPadOS - iOS 15.8.7 and iPadOS 15.8.7 - iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) iOS 16.7.15 and iPadOS 16.7.15 - iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation What's more, iOS 15.8.7 and iPadOS 15.8.7 incorporate patches for three more vulnerabilities associated with the Coruna exploit - CVE-2023-43000 (Originally fixed in iOS 16.6, released on July 24, 2023) - A use-after-free issue in WebKit that could lead to memory corruption when processing maliciously crafted web content. CVE-2023-41974 (Originally fixed in iOS 17, released on September 18, 2023) - A use-after-free issue in the kernel that could allow an app to execute arbitrary code with kernel privileges. CVE-2024-23222 (Originally fixed in iOS 17.3 released on January 22, 2024) - A type confusion issue in WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. Details of Coruna emerged earlier this month after Google said the exploit kit features 23 exploits across five chains designed to target iPhone models running iOS versions between 13.0 and 17.2.1. iVerify, which is tracking the malware framework that uses the exploit kit under the name CryptoWaters, said it has similarities to previous frameworks developed by threat actors affiliated with the U.S. government The development comes amid reports that Coruna was likely designed by U.S. military contractor L3Harris and that it may have been passed to Russian exploit broker Operation Zero by Peter Williams, a former general manager at the company who was sentenced to more than seven years in prison for selling several exploits in exchange for money. An interesting aspect of Coruna is the use of two exploits (CVE-2023-32434 and CVE-2023-38606) that were weaponized as zero-days in a campaign dubbed Operation Triangulation targeting users in Russia in 2023. Kaspersky told The Hacker News that it's possible for any sufficiently skilled team to come up with their own exploits, given that both the flaws have publicly available implementations. "Despite our extensive research, we are unable to attribute Operation Triangulation to any known APT group or exploit development company," Boris Larin, principal security researcher at Kaspersky GReAT, told The Hacker News in an email. "To be precise: neither Google nor iVerify in their published research claims that Coruna reuses Triangulation's code. What they identify is that two exploits in Coruna — Photon and Gallium — target the same vulnerabilities. That's an important distinction. In our opinion, attribution cannot be based solely on the fact of exploitation of these vulnerabilities." Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post. SHARE      Tweet  Share  Share  Share   Share on Facebook  Share on Twitter  Share on Linkedin  Share on Reddit  Share on Hacker News  Share on Email  Share on WhatsApp Share on Facebook Messenger  Share on Telegram SHARE  Apple , cybersecurity , exploit kit , iOS , Malware , mobile security , Threat Intelligence , Vulnerability , WebKit Trending News ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack and Vibe-Coded Malware ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine and More Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday Popular Resources Self-Hosted WAF: Block SQLi, XSS, and Bots Before They Reach Your Apps 19,053 Confirmed Breaches in 2025 – Key Trends and Predictions for 2026 Read CYBER360 2026: From Zero Trust Limits to Data-Centric Security Paths Identity Controls Checklist: Find Missing Protections in Apps