Legacy Under Siege: Apple Pushes Emergency iOS 15.8.7 Update to Thwart ‘Coruna’ Exploit Kit
Ddos 
In a major move to protect users of older hardware, Apple has released critical security updates for iOS 15.8.7 and iPadOS 15.8.7. This emergency response follows a stark warning from Google regarding a powerful exploit kit known as “Coruna,” which has been observed targeting a wide range of Apple devices.
While newer devices received these protections through various iOS 16 and 17 updates in 2023 and 2024, these latest releases bring vital security parity to legacy models that can no longer run Appleβs newest operating systems.
The Coruna exploit kit has lived multiple lives in the wild. It was first detected in highly targeted, surgical attacks before appearing in “watering hole” campaigns specifically aimed at Ukrainian users. In those instances, security experts suspected the involvement of a Russian espionage group.
However, the threat has since gone mainstream. Coruna was recently discovered across a massive network of fake Chinese financial websites, signaling that common cybercriminals have adopted the kit for broader financial fraud and data theft.
The Coruna kit is particularly dangerous because it uses a chain of vulnerabilities to achieve total device compromise. The attack typically begins when a user simply browses the web.
- The Entry Point (WebKit): The exploit leverages three distinct WebKit vulnerabilitiesβCVE-2023-43000, CVE-2024-23222, and CVE-2023-43010. By processing “maliciously crafted web content,” the attacker can trigger memory corruption or type confusion, leading to arbitrary code execution on the device.
- The Escalation (Kernel): Once the attacker has a foothold through the browser, they exploit CVE-2023-41974. This “use-after-free” issue allows a malicious app or process to gain full kernel privileges, giving the attacker complete control over the iPhone or iPad.
This update is a “non-negotiable” for anyone still using the following legacy devices:
| Software Update | Target Hardware |
|
iOS 15.8.7 / iPadOS 15.8.7 |
iPhone XS, iPhone XS Max, iPhone XR, and iPad (7th generation) |
|
iOS 16.7.15 / iPadOS 16.7.15 |
iPhone 8 / 8 Plus, iPhone X, iPad (5th gen), and early iPad Pro models |
Appleβs engineers addressed these flaws by implementing improved memory management and more rigorous checks during data processing. Specifically, the update neutralizes the “use-after-free” and “type confusion” issues that made the Coruna kit so effective.
If you are using an older Apple device, do not wait. Navigate to Settings > General > Software Update to apply these fixes immediately. In an era where even legacy hardware is a prime target for international espionage and financial crime, staying current is your best line of defense.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
