Apple has launched safety updates to repair a zero-day vulnerability that was exploited in an “extraordinarily refined assault” focusing on particular people.
Tracked as CVE-2026-20700, the flaw is an arbitrary code execution vulnerability in dyld, the Dynamic Hyperlink Editor utilized by Apple working programs, together with iOS, iPadOS, macOS, tvOS, watchOS, and visionOS.
Apple’s safety bulletin warns that an attacker with reminiscence write functionality could possibly execute arbitrary code on affected gadgets.
Apple says it’s conscious of studies that the flaw, together with the CVE-2025-14174 and CVE-2025-43529 flaws fastened in December, have been exploited in the identical incidents.
“An attacker with reminiscence write functionality could possibly execute arbitrary code,” reads Apple’s safety bulletin.
“Apple is conscious of a report that this subject could have been exploited in an especially refined assault towards particular focused people on variations of iOS earlier than iOS 26. CVE-2025-14174 and CVE-2025-43529 have been additionally issued in response to this report.”
Apple says Google’s Risk Evaluation Group found CVE-2026-20700. The corporate didn’t present any additional particulars about how the vulnerability was exploited.
Affected gadgets embody:
- iPhone 11 and later
- iPad Professional 12.9-inch (third era and later)
- iPad Professional 11-inch (1st era and later)
- iPad Air (third era and later)
- iPad (eighth era and later)
- iPad mini (fifth era and later)
- Mac gadgets working macOS Tahoe
Apple fastened the vulnerability in iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3.
Whereas Apple says the flaw was exploited in focused assaults, customers are suggested to put in the most recent updates to guard their gadgets.
That is the primary Apple zero-day fastened in 2026, with the corporate fixing seven in 2025.
Fashionable IT infrastructure strikes quicker than handbook workflows can deal with.
On this new Tines information, find out how your group can cut back hidden handbook delays, enhance reliability by way of automated response, and construct and scale clever workflows on prime of instruments you already use.
