Apple has released crucial updates for iOS and macOS to address a zero-day vulnerability that has been actively exploited. The flaw, identified as CVE-2026-20700, is a memory corruption issue allowing arbitrary code execution.
Understanding the Vulnerability
The vulnerability is located in the Dynamic Link Editor (dyld), which is responsible for loading dynamic libraries into memory. This component acts as a bridge between application code and system frameworks, making it a critical part of system operations.
Apple acknowledged the flaw’s exploitation in highly sophisticated attacks aimed at specific targets using versions of iOS prior to iOS 26. The company also noted the vulnerability’s connection to two other zero-days, CVE-2025-14174 and CVE-2025-43529, both of which were patched in December 2025 in the WebKit engine.
Coordinated Patch Release
In a coordinated effort, Apple and Google have both addressed these vulnerabilities. A week before Apple’s updates, Google issued Chrome patches for CVE-2025-14174. These security threats were identified by Apple’s security team alongside Google’s Threat Analysis Group, indicating potential exploitation by commercial spyware entities.
Apple’s patches are now available in the latest releases: iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3. These updates resolve a significant number of vulnerabilities, including nearly 40 in iOS and iPadOS, and over 50 in macOS Tahoe.
Security Enhancements and Recommendations
The addressed vulnerabilities could have allowed various malicious activities such as information exposure, denial-of-service (DoS), arbitrary file writing, privilege escalation, network traffic interception, sandbox escape, and code execution. For older devices, Apple released security updates such as iOS 18.7.5 and macOS Sequoia 15.7.4.
Additionally, Safari 26.3 has been updated to fix eight security issues, including six affecting the WebKit browser engine. Users are strongly urged to update their devices immediately to protect against these potential exploits. Further details on the updates can be found on Apple’s security updates page.
Keeping devices updated is crucial as cyber threats evolve. Apple’s prompt response underscores the importance of timely security patches in safeguarding user data against sophisticated attacks.
