Apple Patches Zero-Day Flaw Used in Sophisticated Attacks

Apple has disclosed its first actively exploited zero-day vulnerability of 2026, affecting iPhones, iPads, Macs, and other devices. CVE-2026-20700, discovered by Google's Threat Intelligence Group, was exploited in what Apple describes as "an extremely sophisticated attack against specific targeted individuals."

Technical Details

The vulnerability resides in dyld (Dynamic Link Editor), Apple's open-source component responsible for securely loading applications across all Apple operating systems. The memory corruption flaw allows attackers with memory write capability to execute arbitrary code on vulnerable devices. The exploit was used against devices running versions of iOS before iOS 26, indicating sophisticated targeting of specific individuals.

Apple has not disclosed details about the attack campaigns or the threat actors involved, maintaining its typical practice of limiting information that could aid other attackers.

Patches Released Across All Platforms

Apple released updates for all affected platforms: iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3. The iOS and iPadOS updates address 38 total vulnerabilities, but CVE-2026-20700 is the only one disclosed as actively exploited before public disclosure.

Related WebKit Vulnerabilities

Apple noted that two additional WebKit vulnerabilities, CVE-2025-14174 and CVE-2025-43529, were previously disclosed in response to attacks involving CVE-2026-20700. This suggests attackers may have chained multiple exploits together to achieve their objectives, a common pattern in sophisticated targeted attacks.