Quick Brief
- iOS 15.8.7 (build 19H411) released March 11, 2026, patches 4 kernel and WebKit vulnerabilities tied to the Coruna exploit kit
- The Coruna exploit kit uses 23 exploits across 5 full iOS exploit chains targeting iOS 13 through iOS 17.2.1
- Affected devices include iPhone 6s, iPhone 7, iPhone SE (1st gen), iPad Air 2, iPad mini (4th gen), and iPod touch (7th gen)
- Install via Settings > General > Software Update; apply immediately as this is an actively exploited threat
Apple does not backport security patches to decade-old hardware unless the threat is serious and confirmed active. iOS 15.8.7 closes four vulnerabilities tied to the Coruna exploit kit, a chained attack framework that Google and iVerify publicly disclosed in early March 2026. If your iPhone 6s, iPhone 7, or first-generation iPhone SE is still in daily use, this update is not optional.
What the Coruna Exploit Kit Actually Does
Coruna is not a single flaw. It is an exploit kit that chains 23 vulnerabilities across 5 full iOS exploit sequences to target iPhones running iOS versions between 13.0 and 17.2.1. Google and iVerify published the details of Coruna publicly before Apple confirmed the patches, which accelerated Apple’s response timeline.
iVerify tracks the malware framework that uses this exploit kit under the name CryptoWaters, and researchers note it has similarities to previous frameworks developed by threat actors with U.S. government affiliations. Coruna also uses two exploits, CVE-2023-32434 and CVE-2023-38606, that were previously weaponized as zero-days in the 2023 Operation Triangulation campaign targeting users in Russia.
4 Vulnerabilities Patched in iOS 15.8.7
Apple’s official security advisory confirms four CVE-identified flaws fixed in this release:
| CVE ID | Component | Impact | Original Fix |
|---|---|---|---|
| CVE-2023-41974 | Kernel | An app may be able to execute arbitrary code with kernel privileges | iOS 17, Sept 18, 2023 |
| CVE-2024-23222 | WebKit | Processing maliciously crafted web content may lead to arbitrary code execution | iOS 17.3, Jan 22, 2024 |
| CVE-2023-43000 | WebKit | Processing maliciously crafted web content may lead to memory corruption | iOS 16.6, Jul 24, 2023 |
| CVE-2023-43010 | WebKit | Processing maliciously crafted web content may lead to memory corruption | iOS 17.2, Dec 11, 2023 |
Each fix was first shipped in a newer iOS version between mid-2023 and early 2024. iOS 15.8.7 now delivers the same protection to devices that cannot run iOS 16 or later.
CVE-2023-41974 was discovered by Félix Poulin-Bélanger. CVE-2023-43000 and CVE-2023-43010 were credited to Apple’s own security team.
Which Devices Receive iOS 15.8.7
This update covers only devices that are capped at iOS 15 and cannot run iOS 16 or later:
- iPhone 6s (all models)
- iPhone 6s Plus
- iPhone 7 (all models)
- iPhone 7 Plus
- iPhone SE (1st generation)
- iPad Air 2
- iPad mini (4th generation)
- iPod touch (7th generation)
Devices such as iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch (1st generation) receive the parallel iOS 16.7.15 update instead. If your device supports iOS 16, you will not see iOS 15.8.7 in your update prompt.
How to Install iOS 15.8.7
The update is available over the air with no computer required:
- Open Settings, tap General, then tap Software Update
- Confirm “iOS 15.8.7” appears, then tap Download and Install
- Connect to Wi-Fi and ensure adequate battery charge or plug in the charger
- Enter your passcode and accept the terms
- After the restart, confirm under Settings > General > About that the version reads 15.8.7 (build 19H411)
iOS 15.8.7 vs iOS 16.7.15: What Changed for Each Group
Both updates were released on March 11, 2026, and both address Coruna exploit kit vulnerabilities for devices that cannot run the latest iOS version. The scope differs by hardware tier:
| Update | Target Devices | CVEs Patched | Release Date |
|---|---|---|---|
| iOS 15.8.7 (19H411) | iPhone 6s, 7, SE 1st gen, iPad Air 2, iPad mini 4th gen, iPod touch 7th gen | 4 (CVE-2023-41974, CVE-2024-23222, CVE-2023-43000, CVE-2023-43010) | March 11, 2026 |
| iOS 16.7.15 | iPhone 8, 8 Plus, X, iPad 5th gen, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st gen | 1 (CVE-2023-43010 only) | March 11, 2026 |
iOS 15.8.7 patches three additional vulnerabilities beyond what iOS 16.7.15 addresses, because devices on iOS 15 missed three earlier security releases that iOS 16 users already received.
Why Apple Still Patches These Devices
Apple’s decision to backport these fixes reflects the severity of the Coruna threat and the active exploitation history of these vulnerabilities. An unpatched device running a known exploitable iOS version becomes an entry point for silent kernel-level code execution, the deepest possible compromise of the operating system.
Forbes issued an explicit warning on March 12, 2026, urging all users with older iPhones to check for and install this update immediately. The urgency is grounded in confirmed exploitation: Coruna’s constituent vulnerabilities have active, documented exploit histories.
Considerations
This update adds no features, does not improve performance, and does not extend the supported lifespan of these devices. iOS 15.8.7 is a security-only release. Apple has not committed to any future iOS 15 updates, and each patch in this series could be the last. Users on iPhone 6s or iPhone 7 who depend on modern apps should evaluate upgrading to a current-generation device for sustained security coverage going forward.
Frequently Asked Questions (FAQs)
What is iOS 15.8.7 and why was it released?
iOS 15.8.7 (build 19H411) is a security-only update released by Apple on March 11, 2026. It patches four kernel and WebKit vulnerabilities directly associated with the Coruna exploit kit, which uses 23 exploits across five attack chains to target older iOS devices.
Which iPhones are compatible with the iOS 15.8.7 update?
iOS 15.8.7 is available for the iPhone 6s (all models), iPhone 7 (all models), and the first-generation iPhone SE. It also covers the iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation). Devices newer than these receive the iOS 16.7.15 update instead.
What is the Coruna exploit kit and how does it affect my device?
Coruna is an exploit kit that chains 23 vulnerabilities across 5 full iOS exploit sequences. It targets iPhones and iPads running iOS 13 through iOS 17.2.1, enabling an attacker to potentially execute arbitrary code with kernel privileges or via malicious web content. Google and iVerify publicly disclosed it in early March 2026.
Does iOS 15.8.7 improve battery life or add new features?
No. This is a pure security patch with no feature additions, performance improvements, or UI changes. Its sole purpose is to close the four CVE-identified vulnerabilities associated with the Coruna exploit kit. Any change you notice in device behavior after the update is unrelated to the patch itself.
What is the difference between iOS 15.8.7 and iOS 16.7.15?
Both updates were released on the same day to address Coruna exploit vulnerabilities on older devices. iOS 15.8.7 patches four CVEs for devices capped at iOS 15. iOS 16.7.15 patches only one CVE (CVE-2023-43010) for devices capped at iOS 16, because those devices already received the other three fixes in earlier iOS 16 releases.
Who discovered the CVEs patched in iOS 15.8.7?
CVE-2023-41974 was discovered by security researcher Félix Poulin-Bélanger. CVE-2023-43000 and CVE-2023-43010 were credited to Apple’s own security team. CVE-2024-23222 has no public researcher attribution listed in Apple’s advisory.
Is Coruna linked to any known threat actor or government?
iVerify notes that the CryptoWaters malware framework, which uses the Coruna exploit kit, has similarities to frameworks associated with U.S. government-affiliated threat actors. However, Kaspersky researchers caution that attribution based solely on shared vulnerability exploitation is insufficient. No confirmed attribution to a specific group has been established.
How do I confirm iOS 15.8.7 installed correctly?
After the update completes and your device restarts, go to Settings > General > About. The version field should read “15.8.7” and the build number should show “19H411.” If the build number differs, the update did not complete successfully and you should retry via Settings > General > Software Update.
