Apple has released critical security updates for older iPhones and iPads to address the Coruna exploit kit, a sophisticated collection of exploits. If you’re still using an older device stuck at iOS/iPadOS 15 or 16, update immediately.
Apple has released iOS 15.8.7, iOS 16.7.15, and their corresponding iPadOS versions to address four security vulnerabilities associated with the Coruna exploit kit—a collection of tools that could allow attackers to compromise iPhones through malicious websites. The updates bring critical security fixes to older devices that cannot upgrade to the latest iOS versions. Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (released in September 2019) up to version 17.2.1 (released in December 2023).
The exploit kit, named “Coruna” by its developers, contained five full iOS exploit chains and a total of 23 exploits. The core technical value of this exploit kit lies in its comprehensive collection of iOS exploits, with the most advanced ones using non-public exploitation techniques and mitigation bypasses. The Coruna exploit kit is not effective against the latest version of iOS, and iPhone users are strongly urged to update their devices to the latest version of iOS.
In instances where an update is not possible, it is recommended that Lockdown Mode be enabled for enhanced security. Interestingly, Apple addressed these vulnerabilities years ago in iOS 16 and 17 but never backported the fixes to older versions. Why not? Perhaps Apple didn’t consider them worth fixing, or—more charitably—didn’t realize these vulnerabilities had been discovered outside the company, since two of the four were found by Apple itself.
Either way, it’s evidence that Apple doesn’t backport every security fix. Here are the affected devices—including the seventh-generation iPod touch from 2019, which is actually the newest of them; the rest came out from 2014 through 2017. If you (or people you know) are still using one of these devices (check in Settings > General > About since my experience is that people with much older devices often don’t remember the precise model), I strongly recommend updating immediately via Settings > General > Software Update.
The Google Threat Intelligence Group’s research shows that these vulnerabilities have proliferated broadly, including to suspected Russian espionage groups and a financially motivated hacking group from China. In other words, these exploits aren’t just being used against high-profile targets. Thank you for this post, Adam. I wouldn’t have known about this because Apple hasn’t sent any notice to update.
I am in the process of updating my iPad Air 2 now. It is on Preparing Update and it’s forever! Thank you Adam. I have a couple of those devices mainly for music purposes but they do connect online sometimes. Great help! How right you are! I thought one here by my desk was an iPhone 6 but About says it’s an SE! But it’s also on 16.6, so if I read your lists correctly, it’s already protected?
But it’s also on 16.6, so if I read your lists correctly, it’s already protected? No, you’ll need to install iOS 16.7.15—there have been 17 updates since 16.6. iOS 16 brings a redesigned Lock Screen with new ways to customize and widgets for information at a glance. Link your Lock Screen to a Focus and use Focus filters to filter out distracting content in apps. Big updates to Messages let you edit or…
Ack! so not only don’t I know what model it is but read your list wrong! Doh! will go to the link and see if things click in place then… Sorry! But it’s also on 16.6, so if I read your lists correctly, it’s already protected? No, you’ll need to install iOS 16.7.15—there have been 17 updates since 16.6. You will not be able to install anything but 26.3 (though I think it really should be 26.3.1).
If your phone is being offered iOS 26, you will not be able to install any other earlier version than that. iOS 16.7.15 is only offered for older phones that cannot run iOS 17 or newer. This is always the way – if your phone can run the latest update, and you have not kept up to date, the latest release is all that you can install. Apple has stopped signing those older releases for all but the devices that were no longer offered iOS 17.
OK thanks @ddmiller that clarifies things! The device is fairly low risk, stays mostly at home, takes very rare phone calls and texts and is used on the go for shopping apps, more or less no web browsing or email etc. Will look into reducing any personal data that might be at risk in unusual case of compromise.
Summary
This report covers the latest developments in iphone. The information presented highlights key changes and updates that are relevant to those following this topic.
Original Source: TidBITS | Author: Adam Engst | Published: March 13, 2026, 3:44 pm
Leave a Reply
You must be logged in to post a comment.