APPLE has released security updates for legacy iOS and iPadOS versions to patch Coruna exploits, with iOS and iPadOS 16.7.15 and 15.8.7 respectively. In early March 2026, researchers from Google and iVerify disclosed Coruna, a nation-state grade exploit kit described as capable of mass exploitation against Apple’s iOS ecosystem, which includes 23 exploits in five attack chains.
The new advisories note that 15.8.7 patches four vulnerabilities: CVE-2023-41974, CVE-2024-23222, CVE-2023-43000, and CVE-2023-43010, the first being a kernel issue and the others WebKit flaws; fixes for the WebKit flaws had previously been rolled out in various releases.
According to Apple, the kernel vulnerability can be exploited by a malicious app to execute arbitrary code with kernel privileges, with a fix first rolled out in iOS 17 in September 2023. iOS 16.7.15 addresses only CVE-2023-43010, while WebKit fixes were introduced earlier across iOS 17.3, iOS 16.6, and iOS 17.2 updates. Apple published these advisories to help users who cannot update to the latest version, and Google has observed active exploitation while CISA has added several Coruna flaws to its KEV catalog.