Apple Patches Zero-Day Vulnerability in Devices

Apple Patches Zero-Day Vulnerability in Devices

Posted on By CWS

On Wednesday, Apple issued updates for its iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS to fix a zero-day vulnerability. This security flaw, identified as CVE-2026-20700, is a memory corruption issue within Apple’s Dynamic Link Editor, dyld. The vulnerability, discovered by Google’s Threat Analysis Group (TAG), has been involved in sophisticated cyber attacks targeting specific individuals.

Details of the Security Flaw

The zero-day vulnerability could allow attackers with memory write capabilities to execute arbitrary code on affected devices. This issue is particularly severe as it has been exploited in targeted attacks on versions of iOS prior to iOS 26. Apple has also responded to reports concerning CVE-2025-14174 and CVE-2025-43529, which were similarly exploited.

In December 2025, Apple addressed CVE-2025-14174, related to out-of-bounds memory access in ANGLE’s Metal renderer. Metal is Apple’s API for high-performance graphics and computation. Meanwhile, CVE-2025-43529 is a use-after-free vulnerability in WebKit, which could lead to arbitrary code execution via malicious web content.

Device Compatibility and Updates

The latest updates are compatible with a range of Apple devices. iOS 26.3 and iPadOS 26.3 are available for iPhone 11 and later, various iPad Pro models, iPad Air, and iPad mini generations. Mac users with macOS Tahoe can update to version 26.3. tvOS 26.3 applies to Apple TV HD and Apple TV 4K, while watchOS 26.3 is for Apple Watch Series 6 and later. VisionOS 26.3 updates are also available for all Apple Vision Pro models.

In addition to these updates, Apple has released patches for older versions of iOS, iPadOS, macOS, and Safari to resolve multiple vulnerabilities, enhancing the security of its ecosystem.

Significance and Future Security Measures

This update marks Apple’s first publicly acknowledged zero-day patch for 2026. Last year, the company addressed nine zero-day vulnerabilities that were actively exploited in the wild. Apple’s swift response highlights its commitment to securing its platforms against emerging threats.

As cyber threats continue to evolve, Apple remains vigilant, prioritizing the security of its users’ data and devices. Users are advised to promptly update their devices to benefit from the latest security enhancements.

The Hacker News Tags:, , , , , , , , ,

Related Posts

NGINX Vulnerability Exploited in Web Traffic Hijacking NGINX Vulnerability Exploited in Web Traffic Hijacking The Hacker News
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation The Hacker News
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days The Hacker News
New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer The Hacker News
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto The Hacker News
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises The Hacker News