Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.
Some of these security flaws have already been addressed in earlier updates for newer iOS device models, starting in September 2023.
“This fix associated with the Coruna exploit,” Apple said in security advisories released on Wednesday. “This update brings that fix to devices that cannot update to the latest iOS version,”
Apple said the patches will fix iOS security issues targeted by multiple exploit chains, many used in zero-day attacks aiming to help attackers escalate permissions to Kernel privileges or gain remote code execution on vulnerable devices.
The list of vulnerabilities addressed by these backported security patches includes:
- CVE-2023-41974: A Kernel use-after-free issue addressed with improved memory management
- CVE-2024-23222: A WekKit type confusion issue addressed with improved checks
- CVE-2023-43000: A WebKit use-after-free issue addressed with improved memory management
- CVE-2023-43010: A WebKit issue was addressed with improved memory handling
The list of devices impacted by these vulnerabilities is also quite extensive, as it includes a wide range of older models running iOS 15.8.7/16.7.15 and iPadOS 15.8.7/16.7.15:
- iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPhone 8, iPhone 8 Plus, iPhone X
- iPad Air 2, iPad mini (4th generation), iPod touch (7th generation), iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
As Google Threat Intelligence Group (GTIG) researchers previously revealed, the Coruna exploit kit has been used by multiple threat groups since February 2025, including a suspected Russian state-backed hacking group (UNC6353), a surveillance vendor customer, and a financially motivated Chinese threat actor (UNC6691).
UNC6691 was spotted deploying the exploit kit on fake gambling and crypto websites to deliver malware payloads that stole cryptocurrency wallets from infected victims’ devices.
CISA added three of the 23 vulnerabilities targeted by Coruna to its catalog of Known Exploited Vulnerabilities on Friday, including the CVE-2023-43010 WebKit flaw, which Apple backported this week.
The U.S. cybersecurity agency also ordered Federal Civilian Executive Branch (FCEB) agencies to patch their iOS devices by March 26, as mandated by the Binding Operational Directive (BOD) 22-01.
“Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable,” CISA warned. “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”
Since the start of the year, Apple has also fixed a zero-day vulnerability (CVE-2026-20700) exploited in an “extremely sophisticated attack” targeting specific individuals and allowing threat actors to execute arbitrary code on compromised devices.
Apple said that Google’s Threat Analysis Group reported the zero-day, but didn’t provide any details about how the vulnerability was exploited.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.