Apple has released iOS 15.8.7 and iPadOS 15.8.7 and iOS 16.7.15 and iPadOS 16.7.15 to patch WebKit and kernel flaws on older iPhones and iPads that the company says were associated with the Coruna exploit. The updates were published on March 11 and apply fixes that Apple had previously shipped in newer iOS releases to devices that cannot move to the latest operating system versions.

According to Apple’s security notes for iOS 15.8.7 and iPadOS 15.8.7, the update fixes three vulnerabilities on older devices: CVE-2023-41974, a kernel use-after-free issue that could allow an app to execute arbitrary code with kernel privileges; CVE-2024-23222, a WebKit type confusion issue that could allow arbitrary code execution through malicious web content; and CVE-2023-43010, a WebKit memory corruption flaw tied to maliciously crafted web content.

The same Apple document says the fixes are available for iPhone 6s, iPhone 7, the first-generation iPhone SE, iPad Air 2, iPad mini 4, and iPod touch 7. Apple said the kernel fix associated with the Coruna exploit was originally shipped in iOS 17 on September 18, 2023, while the WebKit fixes were previously shipped in iOS 16.6 on July 24, 2023, iOS 17.2 on December 11, 2023, and iOS 17.3 on January 22, 2024.

“This update brings that fix to devices that cannot update to the latest iOS version.” — Apple security notes for iOS 15.8.7 and iPadOS 15.8.7

Apple’s separate security note for iOS 16.7.15 and iPadOS 16.7.15 addresses CVE-2023-43010 on iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and the first-generation iPad Pro 12.9-inch. Apple says the flaw could allow memory corruption when processing malicious web content and notes that the fix tied to the Coruna exploit had already been shipped in iOS 17.2 on December 11, 2023.

Apple backported Coruna-linked fixes to older hardware

Apple’s security releases page shows both older-device updates were issued on March 11, 2026, alongside newer platform releases. Apple did not name an actor in the advisories, but explicitly linked the addressed issues to the Coruna exploit, which had previously been documented as a WebKit and kernel exploitation chain used in targeted attacks.

The older-device fixes extend Apple’s recent pattern of shipping supplementary protections to hardware that no longer receives the newest iOS branch, a patching approach that overlaps with Cyberwarzone’s earlier coverage of Apple’s iOS CVE-2025-43300 zero-click patch analysis and its reporting on actively exploited software flaws added to CISA’s Known Exploited Vulnerabilities catalog.

The Apple advisories credit Félix Poulin-Bélanger for reporting CVE-2023-41974, while Apple credits itself for CVE-2023-43000 and CVE-2023-43010. The company did not publish additional indicators of compromise or operational details about the attacks in the security notes.

About the Author