Apple fixes zero-day flaw used in 'extremely sophisticated' attacks

Source: Bleeping Computer

Apple has released security updates to fix a zero‑day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals.

Tracked as CVE‑2026‑20700, the flaw is an arbitrary code execution vulnerability in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. Apple’s security bulletin warns that an attacker with memory‑write capability may be able to execute arbitrary code on affected devices.

Apple says it is aware of reports that the flaw, along with CVE‑2025‑14174 and CVE‑2025‑43529 (fixed in December), were exploited in the same incidents.

“An attacker with memory write capability may be able to execute arbitrary code.” – Apple security bulletin
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE‑2025‑14174 and CVE‑2025‑43529 were also issued in response to this report.”

Apple notes that Google’s Threat Analysis Group discovered CVE‑2026‑20700, but no further details about the exploitation were provided.

Affected Devices

• iPhone 11 and later
• iPad Pro 12.9‑inch (3rd generation and later)
• iPad Pro 11‑inch (1st generation and later)
• iPad Air (3rd generation and later)
• iPad (8th generation and later)
• iPad mini (5th generation and later)
• Mac devices running macOS Tahoe

Fixes

The vulnerability has been patched in the following releases:

• iOS 18.7.5
• iPadOS 18.7.5
• macOS Tahoe 26.3
• tvOS 26.3
• watchOS 26.3
• visionOS 26.3

Users are advised to install the latest updates to protect their devices.

This is the first Apple zero‑day fixed in 2026, with the company fixing seven in 2025.