Apple Releases Essential Update for ‘Coruna’ Vulnerability

Nicholas Kinports on March 15, 2026


We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

Apple Releases Essential Update for 'Coruna' Vulnerability

Summary Overview

  • Apple launches iOS 15.8.7 and iOS 16.7.15 to resolve Coruna vulnerabilities.
  • The Coruna exploit encompasses 23 vulnerabilities across iOS versions 13 through 17.2.1.
  • Detected by Google’s Threat Intelligence Group in early 2026.
  • Coruna is exploited by both state-sponsored and financially motivated actors.

Update Rollout for iOS and iPadOS

Apple has introduced crucial updates, iOS 15.8.7 and iOS 16.7.15, to tackle vulnerabilities linked to the Coruna exploit. These enhancements are vital for devices that cannot upgrade to the latest iOS iteration, helping to keep older devices secure. Corresponding versions of iPadOS have been provided with these updates as well.

Understanding the Coruna Exploit

The Coruna exploit toolkit, noted by Google’s Threat Intelligence Group (GTIG) in early 2026, comprises 23 exploits across five comprehensive iOS exploit chains. This toolkit specifically targets devices operating on iOS versions from 13 to 17.2.1, utilizing sophisticated techniques alongside non-public exploitation methods and evasion strategies.

Chronology and Identification of Coruna

First detected by GTIG in February 2026, Coruna was associated with a client of a commercial surveillance vendor. It was subsequently traced back to watering hole attacks orchestrated by UNC6353, a group believed to be state-sponsored from Russia, which aimed at Ukrainian websites. GTIG further linked Coruna to a financially driven Chinese criminal organization that propagated the exploit through counterfeit cryptocurrency exchanges and gambling platforms.

Apple Releases Essential Update for 'Coruna' Vulnerability

Source: GTIG

Investigating Coruna’s Architecture

Researchers obtained significant insights into the exploit’s framework after a threat actor inadvertently deployed a debug version. This mistake revealed internal code designations and documentation, illuminating the exploit’s complex architecture.

Conclusion

In light of the Coruna exploit, Apple has proactively rolled out updates for legacy iOS and iPadOS versions, protecting users from potential dangers. The partnership between industry figures like Google and security firms highlights the necessity for diligence and prompt responses to emerging cyber threats.

FAQs

Q: Which devices are impacted by the Coruna exploit?

A: Devices running on iOS versions 13 to 17.2.1 are impacted by the Coruna exploit.

Q: How did analysts unearth the specifics of the Coruna exploit?

A: Analysts uncovered the specifics after a threat actor accidentally released a debug version of the exploit, disclosing internal code names and documentation.

Q: Who is behind the Coruna attacks?

A: The attacks have been associated with a suspected Russian state-sponsored group and a financially motivated Chinese criminal organization.

Q: What steps has Apple taken regarding the Coruna vulnerabilities?

A: Apple has launched iOS 15.8.7 and iOS 16.7.15 updates to rectify the vulnerabilities related to Coruna for earlier devices.

Leave a Reply

Your email address will not be published. Required fields are marked *