Apple patches older iPhones and iPads against a sophisticated exploit kit known as “Coruna,” releasing crucial security updates for models unable to upgrade to the latest iOS versions. These vital patches, identified as iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, address a significant cybersecurity threat that has been actively exploited in the wild.
What is the Coruna Exploit Kit?
Coruna is a highly advanced exploit kit leveraging a chain of multiple vulnerabilities to compromise Apple devices. Discovered by Google’s Threat Intelligence Group (GTIG), this kit boasts an extensive collection of 23 exploits across five full iOS exploit chains. Its targets range from iOS 13.0 (September 2019) through 17.2.1 (December 2023), meticulously fingerprinting a device’s model and OS version to deploy the most effective attack vector.
“The Coruna exploit kit represents a significant escalation in mobile device threats, showcasing a sophisticated capability to chain multiple vulnerabilities for comprehensive device compromise.”
The progression of Coruna’s use highlights a concerning trend: a “secondhand” market for sophisticated exploits. Tools initially developed for state-sponsored surveillance are later acquired and deployed by cybercriminals, often for financial gain, particularly crypto-theft. This evolution underscores the persistent and adaptable nature of cyber threats.
Who is Behind Coruna and Their Motives?
Coruna has been active since February 2025, initially observed with a customer of a surveillance vendor. By July 2025, a suspected Russian espionage group (UNC6353) utilized Coruna in “watering hole” attacks targeting Ukrainian websites. More recently, in December 2025, a financially motivated Chinese threat actor (UNC6691) was found deploying the complete exploit kit via fake Chinese gambling and crypto websites. This trajectory from government surveillance to financially motivated cybercrime illustrates the fluid landscape of digital threats and the lucrative nature of zero-day exploits.
Critical Apple Patches Older iPhones: Vulnerabilities Addressed
The recent updates specifically target both kernel and WebKit vulnerabilities exploited by Coruna. Key vulnerabilities addressed include:
- CVE-2023-41974: A kernel use-after-free vulnerability that could enable an application to execute arbitrary code with kernel privileges.
- CVE-2023-43010, CVE-2024-23222, CVE-2023-43000: WebKit vulnerabilities, including use-after-free and type confusion issues, which could lead to memory corruption or arbitrary code execution when processing malicious web content.
Apple had previously patched these vulnerabilities in newer iOS releases. For instance, the fix for CVE-2023-41974 was included in iOS 17 on September 18, 2023. Other Coruna-related WebKit fixes were part of iOS 17.2 (December 11, 2023), iOS 17.3 (January 22, 2024), and iOS 16.6 (July 24, 2023). The latest updates extend these vital protections to older devices, including the iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
This update is paramount because the Coruna exploit kit can compromise devices simply through a visit to a malicious website. Attackers can gain full device control, exfiltrate cryptocurrency wallets, sensitive financial information, and other critical data. While Coruna is ineffective against the very latest iOS versions, updating older devices is an essential step for protection. Users unable to update to the newest iOS versions are strongly advised to enable related Tech news Lockdown Mode or use private browsing, as Coruna performs checks to circumvent execution under these defensive configurations.




