Mobile & Wireless Apple Updates Legacy iOS Versions to Patch Coruna Exploits The company has released iOS and iPadOS versions 16.7.15 and 15.8.7 to patch the vulnerabilities. By Eduard Kovacs | March 12, 2026 (10:40 AM ET) Flipboard Reddit Whatsapp Whatsapp Email Apple published new security advisories on Wednesday, informing iPhone and iPad users that updates are available for legacy versions of iOS and iPadOS to address the recently disclosed Coruna exploits. In early March 2026, researchers from Google and iVerify disclosed the details of a sophisticated exploit kit dubbed Coruna . Described as ‘nation-state grade’, Coruna enables mass exploitation against Apple’s iOS ecosystem. This toolkit, which packs 23 individual exploits organized into five complete attack chains, has been quietly circulating in the cyber underground, enabling hackers to compromise iPhones running versions from iOS 13.0 (launched in September 2019) up to 17.2.1 (released in December 2023). The experts warned that its advanced techniques mark it as one of the most potent mobile threats observed in recent years. The Coruna kit’s origins trace back to commercial surveillance vendors, where it was initially deployed for targeted monitoring operations. From there, it proliferated to nation-state actors, with evidence linking it to espionage campaigns, including Russia-linked attacks against Ukraine. The toolkit has since fallen into the hands of China-linked financially driven cybercriminals, who have repurposed it for large-scale fraud schemes. With Coruna, attackers can achieve remote code execution on vulnerable devices. Once inside, they gain full system access, allowing the installation of persistent malware. Advertisement. Scroll to continue reading. Apple has patched the underlying vulnerabilities in iOS updates released over the past two years, and it has now also decided to release fixes for users who cannot update to the latest version. Specifically, iOS and iPadOS 15.8.7 patch four vulnerabilities: CVE-2023-41974, CVE-2024-23222, CVE-2023-43000, and CVE-2023-43010. The first is a kernel issue, while the other three are WebKit flaws. According to Apple, the kernel vulnerability can be exploited by a malicious app to execute arbitrary code with kernel privileges. A fix was initially rolled out in iOS 17 in September 2023. The WebKit vulnerabilities can be exploited for arbitrary code execution using specially crafted web content. Fixes for these security holes were initially rolled out by Apple in iOS 17.3 (CVE-2024-23222, January 2024), iOS 16.6 (CVE-2023-43000, July 2023), and iOS 17.2 (CVE-2023-43010, December 2023). iOS and iPadOS 16.7.15 only address CVE-2023-43010. While Google has confirmed seeing active exploitation and the cybersecurity agency CISA has added several of the Coruna flaws to its Known Exploited Vulnerabilities (KEV) catalog, Apple’s advisories do not mention in-the-wild exploitation. Apple typically specifies in its advisories if it’s aware of active exploitation . Related : Apple iPhone and iPad Cleared for Classified NATO Use Related : Apple Patches iOS Zero-Day Exploited in ‘Extremely Sophisticated Attack’ Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack Wiz Joins Google Cloud as Landmark Acquisition Closes OpenAI to Acquire AI Security Startup Promptfoo Michelin Confirms Data Breach Linked to Oracle EBS Attack ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric Jazz Emerges From Stealth With $61M in Funding for AI-Powered DLP Kai Emerges From Stealth With $125M in Funding for AI Platform Bridging IT and OT Security Thousands Affected by Ericsson Data Breach Latest News Meta Launches New Protection Tools as It Helps Disrupt Scam Centers Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks The Human IOC: Why Security Professionals Struggle with Social Vetting Splunk, Zoom Patch Severe Vulnerabilities Cisco Patches High-Severity IOS XR Vulnerabilities Critical N8n Vulnerabilities Allowed Server Takeover Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea Senate Confirms Joshua Rudd to Lead NSA and US Cyber Command Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Virtual Event: Supply Chain Security and Third-Party Risk Summit March 18, 2026 Join the event where top security experts unpack the biggest software supply chain risks. Register People on the Move Business software company Rippling as appointed Adrian Ludwig as CSO. Orca Security has named Rachel Nislick as Chief Marketing Officer. Netskope has appointed Joseph Welsh as leader of US public sector sales. More People On The Move Expert Insights The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Whatsapp Email