Apple has released urgent security updates to fix a zero-day vulnerability that the company says was exploited in an “extremely sophisticated attack” targeting specific individuals.
The flaw, tracked as CVE-2026-20700, affects dyld, Apple’s Dynamic Link Editor, a core component used across its operating systems.
According to Apple’s security bulletin, the vulnerability allows arbitrary code execution if an attacker can write to memory. Apple confirmed it is aware of reports showing the flaw was actively exploited in targeted attacks against users running versions of iOS before iOS 26. The company provided no technical details about the attacks, citing their highly targeted nature.
Apple also revealed that CVE-2026-20700 was exploited alongside two earlier vulnerabilities, CVE-2025-14174 and CVE-2025-43529, which were patched in December 2025. All three flaws were reportedly used in the same attack chain. The discovery of the new zero-day has been credited to Google Threat Analysis Group.
The dyld vulnerability impacts a wide range of Apple devices, including iPhones, iPads, Macs, Apple Watches, Apple TVs, and Vision Pro hardware. Apple confirmed that affected devices include iPhone 11 and newer models, multiple generations of iPad and iPad Pro, and Macs running macOS Tahoe.
Apple has addressed the issue in the following updates: iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3. While Apple emphasized that the attacks were highly targeted rather than widespread, it strongly recommends that all users install the latest updates as soon as possible.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
