Home / mailings APPLE-SA-03-11-2026-2 iOS 15.8.7 and iPadOS 15.8.7
Posted on 12 March 2026
Apple Security-announceAPPLE-SA-03-11-2026-2 iOS 15.8.7 and iPadOS 15.8.7
iOS 15.8.7 and iPadOS 15.8.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126632.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch
(7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges. This fix associated with the Coruna exploit was shipped in
iOS 17 on September 18, 2023. This update brings that fix to devices
that cannot update to the latest iOS version.
Description: A use-after-free issue was addressed with improved memory
management.
CVE-2023-41974: F=C3=A9lix Poulin-B=C3=A9langer
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch
(7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. This fix associated with the Coruna exploit was shipped
in iOS 17.3 on January 22, 2024. This update brings that fix to devices
that cannot update to the latest iOS version.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 267134
CVE-2024-23222
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch
(7th generation)
Impact: Processing maliciously crafted web content may lead to memory
corruption. This fix associated with the Coruna exploit was shipped in
iOS 16.6 on July 24, 2023. This update brings that fix to devices that
cannot update to the latest iOS version.
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 255951
CVE-2023-43000: Apple
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch
(7th generation)
Impact: Processing maliciously crafted web content may lead to memory
corruption. This fix associated with the Coruna exploit was shipped in
iOS 17.2 on December 11th, 2023. This update brings that fix to devices
that cannot update to the latest iOS version.
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 260913
CVE-2023-43010: Apple
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 15.8.7 and iPadOS 15.8.7".
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
