Quick Brief
- Apple released iOS 16.7.15 and iPadOS 16.7.15 (build 20H380) on March 11, 2026 for iPhones and iPads that cannot run iOS 17
- The update patches the Coruna exploit, a WebKit vulnerability originally fixed in iOS 17.2 on December 11, 2023, now backported to older devices
- Supported devices include iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- Install via Settings > General > Software Update; this is a security-only release with no new features
Apple has done something most companies refuse to do: it patched a 2023 security exploit on hardware approaching a decade old. iOS 16.7.15 and iPadOS 16.7.15 are targeted, no-frills security releases that close a real attack vector on devices that will never run iOS 17. If your iPhone or iPad is on the supported list, this update warrants immediate attention.
What iOS 16.7.15 Actually Fixes
The single security fix in this update targets WebKit, the browser engine that powers Safari and every in-app browser on iOS. According to Apple’s official security notes, processing maliciously crafted web content may lead to memory corruption. In plain terms: visiting the wrong webpage could give an attacker an opening into your device.
Apple identifies this as the Coruna exploit, disclosed by Google last week relative to the March 11 release date. Apple had already resolved this in iOS 17.2 on December 11, 2023, but devices locked to iOS 16 and below never received that fix until now. Today’s release brings that same patch to older hardware that cannot update to the latest iOS version.
Apple states the issue was resolved with “improved memory handling” in the WebKit engine. The CVE identifier is CVE-2023-43010, with Apple listed as the discoverer, and the associated WebKit Bugzilla reference is 260913.
Supported Devices: Does Your iPhone or iPad Qualify?
iOS 16.7.15 is available for a specific tier of older Apple hardware. These devices can run iOS 16 but are ineligible for iOS 17 or later.
Eligible iPhones for iOS 16.7.15:
- iPhone 8
- iPhone 8 Plus
- iPhone X
Eligible iPads for iPadOS 16.7.15:
- iPad 5th generation
- iPad Pro 9.7-inch
- iPad Pro 12.9-inch 1st generation
If your device is older than this tier, Apple has simultaneously released iOS 15.8.7 and iPadOS 15.8.7 (build 19H411), which covers the iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPhone SE 1st generation, iPod touch 7th generation, iPad Air 2, and iPad mini 4. Devices running iOS 17 or newer are unaffected and will not see this update in Software Update.
The Coruna Exploit: Why This Patch Matters
The Coruna exploit is a documented attack toolkit that Google disclosed publicly in early March 2026. Apple confirms that all issues addressed in this release were previously fixed in various iOS 16 and iOS 17 updates, and today’s release brings those same fixes to devices that cannot run iOS 17 or later.
The attack vector, as stated by Apple, is processing maliciously crafted web content. This requires no file download or deliberate action beyond loading a compromised webpage, making it a passive threat for anyone browsing the web on an unpatched device. The fix applies directly to WebKit, the underlying engine used by Safari and all in-app browsers on iOS.
Apple has committed to providing security updates for iPhones for at least five years after launch, but the company regularly provides fixes well beyond that window. Earlier in 2026, the iPhone 5s received a software update 13 years after its original launch, demonstrating Apple’s continued commitment to legacy hardware security.
How to Install iOS 16.7.15 and iPadOS 16.7.15
The update process requires no computer, iTunes, or Finder connection. Follow these steps:
- Open the Settings app on your iPhone or iPad
- Tap General, then tap Software Update
- If iOS 16.7.15 or iPadOS 16.7.15 appears, tap Download and Install
- Enter your passcode if prompted and allow the device to restart
Devices with automatic updates enabled will receive the patch automatically in the coming days. For manual installation using a firmware file, you can locate the correct IPSW for your device using Apple’s official download page or a firmware directory. Back up your device before updating as a standard precaution.
iOS 16.7.15 vs iOS 15.8.7: Which Update Applies to You?
| Detail | iOS 16.7.15 / iPadOS 16.7.15 | iOS 15.8.7 / iPadOS 15.8.7 |
|---|---|---|
| Build number | 20H380 | 19H411 |
| Target iPhones | iPhone 8, iPhone 8 Plus, iPhone X | iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPhone SE 1st gen |
| Target iPads | iPad 5th gen, iPad Pro 9.7-in, iPad Pro 12.9-in 1st gen | iPad Air 2, iPad mini 4 |
| Other devices | None | iPod touch 7th generation |
| Security fix | CVE-2023-43010 (WebKit/Coruna) | Same fix, different branch |
| Release date | March 11, 2026 | March 11, 2026 |
| New features | None | None |
Both releases address the same Coruna exploit and were shipped simultaneously on March 11, 2026. The only distinction is the hardware tier and iOS branch each update targets.
Limitations and Honest Considerations
These updates carry no new features, performance improvements, or interface changes. Apple’s sole intent is patching a known security vulnerability. Older devices running iOS 16 also face broader ecosystem constraints: many modern apps have progressively dropped iOS 16 support, and hardware performance on aging devices naturally declines with battery age. This patch extends the security lifespan of these devices, not their functional capability. Users who need a more capable daily driver should treat this as a maintenance fix and plan accordingly.
iOS and iPadOS26.4 Beta 4 (23E5234a) Arrives: What Changes on Your iPhone and iPad Right Now
Frequently Asked Questions (FAQs)
What is iOS 16.7.15 and why did Apple release it?
iOS 16.7.15 is a security-only update released on March 11, 2026 for iPhones and iPads that cannot run iOS 17. It patches CVE-2023-43010, a WebKit memory corruption vulnerability connected to the Coruna exploit disclosed by Google. No new features are included in this release.
Which devices are compatible with iOS 16.7.15?
The update supports iPhone 8, iPhone 8 Plus, and iPhone X, along with iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. These are the devices capable of running iOS 16 but ineligible for iOS 17 or later.
What is the Coruna exploit?
The Coruna exploit is an attack toolkit disclosed by Google in early March 2026 that targets WebKit, the engine behind Safari and all in-app browsers on iOS. Apple states that processing maliciously crafted web content through WebKit may lead to memory corruption on unpatched devices.
What build number does iOS 16.7.15 use?
iOS 16.7.15 and iPadOS 16.7.15 both use build number 20H380. You can confirm the installed version on your device by going to Settings > General > About and checking the iOS Version field.
My device is older than iPhone 8. Is there an update for me?
Yes. Apple released iOS 15.8.7 and iPadOS 15.8.7 (build 19H411) on the same day, covering iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPhone SE 1st generation, iPod touch 7th generation, iPad Air 2, and iPad mini 4.
Was the Coruna exploit already fixed on newer iOS versions?
Yes. Apple confirms all issues addressed in this release were previously fixed in various iOS 16 and iOS 17 updates. The original fix for this WebKit vulnerability shipped in iOS 17.2 on December 11, 2023. Today’s release backports that fix to devices that cannot upgrade beyond iOS 16.
Does iOS 16.7.15 include any new features or performance improvements?
No. This is a security-only release. Apple has not introduced any new features, interface changes, or performance optimizations in iOS 16.7.15 or iPadOS 16.7.15. The sole purpose of the update is to patch the Coruna-related WebKit vulnerability.
How long will Apple continue releasing security updates for older iPhones?
Apple has committed to a minimum of five years of security updates after launch. In practice, Apple often goes much further: earlier in 2026, the iPhone 5s received a software update 13 years after its initial release. There is no publicly announced end date for iOS 16 security support.
