Apple Patches Actively Exploited Zero-Day Affecting iOS, macOS, and Apple Devices
#Vulnerabilities

Apple Patches Actively Exploited Zero-Day Affecting iOS, macOS, and Apple Devices

Security Reporter
3 min read

Apple has released critical security updates for iOS, macOS, and other operating systems to address CVE-2026-20700, a memory corruption flaw in dyld that has been exploited in sophisticated attacks against specific targets.

Apple has released critical security updates across its ecosystem to address an actively exploited zero-day vulnerability that has been used in sophisticated cyber attacks targeting specific individuals. The flaw, tracked as CVE-2026-20700, is a memory corruption issue in dyld, Apple's Dynamic Link Editor, which could allow attackers with memory write capability to execute arbitrary code on affected devices.

The Vulnerability and Its Discovery

The vulnerability was discovered and reported by Google Threat Analysis Group (TAG), which has been credited with uncovering this and related security issues. According to Apple's advisory, the company is aware of a report indicating that this issue may have been exploited in "an extremely sophisticated attack against specific targeted individuals" on versions of iOS before iOS 26.

This disclosure is particularly concerning because it demonstrates that advanced threat actors have been actively exploiting this vulnerability in the wild, making the patch rollout critical for users who may be targeted.

In addition to CVE-2026-20700, Apple issued patches for two other vulnerabilities that were part of the same security report:

  • CVE-2025-14174 (CVSS score: 8.8): An out-of-bounds memory access in ANGLE's Metal renderer component. Metal is Apple's high-performance hardware-accelerated graphics and compute API.
  • CVE-2025-43529 (CVSS score: 8.8): A use-after-free vulnerability in WebKit that could lead to arbitrary code execution when processing maliciously crafted web content.

Both of these vulnerabilities were previously addressed by Apple in December 2025, with CVE-2025-14174 first disclosed by Google as having been exploited in the wild.

Devices and Operating Systems Affected

Apple has released updates for the following devices and operating systems:

Latest Generation Updates

  • iOS 26.3 and iPadOS 26.3: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
  • macOS Tahoe 26.3: Macs running macOS Tahoe
  • tvOS 26.3: Apple TV HD and Apple TV 4K (all models)
  • watchOS 26.3: Apple Watch Series 6 and later
  • visionOS 26.3: Apple Vision Pro (all models)

Legacy System Updates

  • iOS 18.7.5 and iPadOS 18.7.5: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
  • macOS Sequoia 15.7.4: Macs running macOS Sequoia
  • macOS Sonoma 14.8.4: Macs running macOS Sonoma
  • Safari 26.3: Macs running macOS Sonoma and macOS Sequoia

Context and Significance

With this patch, Apple has addressed its first actively exploited zero-day vulnerability in 2026. This follows a year in which the company patched nine zero-day vulnerabilities that were exploited in the wild in 2025, highlighting the ongoing challenge of securing complex software ecosystems against sophisticated attackers.

Memory corruption vulnerabilities like CVE-2026-20700 are particularly dangerous because they can provide attackers with powerful capabilities, including arbitrary code execution, which can lead to complete system compromise. The fact that this vulnerability has been used in "extremely sophisticated" attacks suggests that well-resourced threat actors are behind these campaigns, likely targeting high-value individuals or organizations.

Immediate Action Required

Given the active exploitation of these vulnerabilities, security experts strongly recommend that all affected users update their devices to the latest available versions immediately. The updates are being rolled out through the standard software update mechanisms on Apple devices, and users should check for updates in their device settings if they haven't received automatic notifications.

The combination of memory corruption flaws in core system components like dyld and WebKit, along with the exploitation of graphics rendering vulnerabilities, demonstrates the diverse attack surface that modern operating systems present to threat actors. Apple's rapid response to these issues underscores the importance of timely patch management in defending against sophisticated cyber threats.

#Apple#Zero_Day#CVE-2026-20700#dyld#iOS

Comments

Loading comments...
Back to Home