Apple Resolves Zero-Day Flaw Exploited in Sophisticated Attacks
Apple has recently addressed a critical zero-day vulnerability identified as CVE-2026-20700. This issue posed a significant threat as it was exploited in advanced attacks targeting specific individuals.
Details of the Vulnerability
The flaw is an arbitrary code execution issue in dyld, the Dynamic Link Editor, which is used across multiple Apple operating systems. These include:
- iOS
- iPadOS
- macOS
- tvOS
- watchOS
- visionOS
According to Apple’s security bulletin, an attacker with the capability to manipulate memory may be able to execute arbitrary code on affected devices.
Exploitation and Affected Devices
Apple has acknowledged that CVE-2026-20700 might have been exploited in conjunction with other vulnerabilities, specifically CVE-2025-14174 and CVE-2025-43529. These earlier flaws were also associated with sophisticated attacks targeting particular users on older iOS versions.
Devices susceptible to this vulnerability include:
- iPhone 11 and later
- iPad Pro 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (8th generation and later)
- iPad mini (5th generation and later)
- Mac devices running macOS Tahoe
Resolution and Recommendations
Apple has resolved this vulnerability in its latest software updates. Users are strongly encouraged to install the following updates:
- iOS 18.7.5
- iPadOS 18.7.5
- macOS Tahoe 26.3
- tvOS 26.3
- watchOS 26.3
- visionOS 26.3
This is the first zero-day vulnerability Apple has addressed in 2026. In comparison, seven zero-day vulnerabilities were resolved throughout 2025.
Users are urged to install updates promptly to protect their devices against potential threats.