Apple Patches Legacy iOS Versions to Address Coruna Exploits
In a move to protect iPhone and iPad users, Apple has released updates for legacy versions of iOS and iPadOS to address the recently disclosed Coruna exploits.
What is Coruna?
Coruna is a sophisticated exploit kit that enables mass exploitation against Apple’s iOS ecosystem. It was first discovered in early March 2026 by researchers from Google and iVerify, who described it as ‘nation-state grade’.
This toolkit, which packs 23 individual exploits organized into five complete attack chains, has been quietly circulating in the cyber underground, enabling hackers to compromise iPhones running versions from iOS 13.0 (launched in September 2019) up to 17.2.1 (released in December 2023).
How Does Coruna Work?
The Coruna kit’s advanced techniques mark it as one of the most potent mobile threats observed in recent years. Attackers can achieve remote code execution on vulnerable devices, gaining full system access and allowing the installation of persistent malware.
The Coruna kit’s origins trace back to commercial surveillance vendors, where it was initially deployed for targeted monitoring operations. From there, it proliferated to nation-state actors, with evidence linking it to espionage campaigns, including Russia-linked attacks against Ukraine. The toolkit has since fallen into the hands of China-linked financially driven cybercriminals, who have repurposed it for large-scale fraud schemes.
Apple’s Response
Apple has patched the underlying vulnerabilities in iOS updates released over the past two years, and it has now also decided to release fixes for users who cannot update to the latest version.
Specifically, iOS and iPadOS 15.8.7 patch four vulnerabilities: CVE-2023-41974, CVE-2024-23222, CVE-2023-43000, and CVE-2023-43010. The first is a kernel issue, while the other three are WebKit flaws.
According to Apple, the kernel vulnerability can be exploited by a malicious app to execute arbitrary code with kernel privileges. A fix was initially rolled out in iOS 17 in September 2023.
The WebKit vulnerabilities can be exploited for arbitrary code execution using specially crafted web content. Fixes for these security holes were initially rolled out by Apple in iOS 17.3 (CVE-2024-23222, January 2024), iOS 16.6 (CVE-2023-43000, July 2023), and iOS 17.2 (CVE-2023-43010, December 2023).
iOS and iPadOS 16.7.15 address only CVE-2023-43010.
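The fix versions above can be turned into a fleet check. The following is an added example, not Apple's or the researchers' code: it compares device OS versions against the releases named in this article and reports which of the four CVEs still need an update. The device names and inventory are constructed, and "no fix listed" means only that the article names no fix for that branch.

```python
# Added example: fix versions below are the ones quoted in the article.
# Format: CVE -> (release that first fixed it, [legacy-branch backports]).
FIXES = {
    "CVE-2023-41974": ("17.0", ["15.8.7"]),             # kernel
    "CVE-2024-23222": ("17.3", ["15.8.7"]),             # WebKit
    "CVE-2023-43000": ("16.6", ["15.8.7"]),             # WebKit
    "CVE-2023-43010": ("17.2", ["15.8.7", "16.7.15"]),  # WebKit
}

def parse(version):
    """'17' -> (17, 0, 0) so that short and long versions compare correctly."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(version, cve):
    """Return 'patched', 'update to X', or 'no fix listed' for one device/CVE."""
    v = parse(version)
    original, backports = FIXES[cve]
    # A fix in the device's own major branch decides the answer for that branch.
    branch = [f for f in [original] + backports if parse(f)[0] == v[0]]
    if branch:
        fix = min(branch, key=parse)
        return "patched" if v >= parse(fix) else f"update to {fix}"
    # No fix in this branch: later releases inherit the original fix.
    if v >= parse(original):
        return "patched"
    # Older branch with no backport named in the article (not proof of exposure).
    return "no fix listed"

def audit(inventory):
    """Map device -> {cve: status} for every CVE that is not 'patched'."""
    report = {}
    for device, version in inventory.items():
        gaps = {c: status(version, c) for c in FIXES if status(version, c) != "patched"}
        if gaps:
            report[device] = gaps
    return report

# Constructed inventory (hypothetical device names and versions).
INVENTORY = {
    "ipad-lab-01": "15.8.6",
    "iphone-kiosk-02": "15.8.7",
    "iphone-field-03": "16.7.15",
    "iphone-exec-04": "17.2.1",
}

if __name__ == "__main__":
    for device, gaps in audit(INVENTORY).items():
        print(device, INVENTORY[device], gaps)
```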
Conclusion
Apple’s decision to release updates for legacy iOS versions is a welcome move to protect users who cannot update to the latest version. It is essential for users to keep their devices up to date to prevent exploitation by sophisticated threat actors like those behind the Coruna kit.
By patching the underlying vulnerabilities, Apple has taken a significant step in securing its ecosystem and protecting users from potential threats.








