Apple has released critical security updates for its entire product ecosystem, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS, to patch a newly discovered zero-day vulnerability that has already been exploited. This proactive measure aims to protect users from sophisticated cyber attacks that leverage memory corruption issues in Apple’s Dynamic Link Editor (dyld).
Apple Addresses Exploited Zero-Day Vulnerability CVE-2026-20700
The zero-day flaw, identified as CVE-2026-20700, represents Apple’s first actively exploited zero-day vulnerability of 2026. The vulnerability has been described as a memory corruption issue within dyld, Apple’s Dynamic Link Editor. Successful exploitation could grant an attacker the ability to execute arbitrary code on vulnerable devices, posing a significant risk to user data and system integrity.
According to Apple’s advisories, the company is aware that this specific issue may have been exploited in highly sophisticated attacks targeting “specific targeted individuals” on versions of iOS preceding iOS 26. This underscores the severity and targeted nature of the attacks observed.
In conjunction with the fix for CVE-2026-20700, Apple also addressed two other vulnerabilities, CVE-2025-14174 and CVE-2025-43529. These were also reported by Google’s Threat Analysis Group (TAG) and were previously patched by Apple in December 2025. CVE-2025-14174, an out-of-bounds memory access in ANGLE’s Metal renderer, was notably disclosed by Google as having been exploited in the wild.
Meanwhile, CVE-2025-43529 involved a use-after-free vulnerability within WebKit, which could lead to arbitrary code execution when a device processed specially crafted web content. These previously addressed bugs highlight a pattern of ongoing security challenges that Apple has been actively working to mitigate.
Affected Operating Systems and Devices
The latest security updates are available for a wide range of Apple devices and operating systems, ensuring broad protection against the zero-day threat.
Users can download and install the following updates:
iOS 26.3 and iPadOS 26.3 are available for iPhone 11 and later models, as well as various iPad models including iPad Pro (12.9-inch 3rd generation and later), iPad Pro (11-inch 1st generation and later), iPad Air (3rd generation and later), iPad (8th generation and later), and iPad mini (5th generation and later).
macOS Tahoe 26.3 addresses the vulnerability for Mac computers running macOS Tahoe.
tvOS 26.3 is released for Apple TV HD and Apple TV 4K (all models).
watchOS 26.3 provides protection for Apple Watch Series 6 and later models.
visionOS 26.3 is available for Apple Vision Pro (all models).
Additionally, Apple has rolled out updates to resolve multiple other vulnerabilities affecting older versions of iOS, iPadOS, macOS, and Safari. These comprehensive patch efforts demonstrate Apple’s commitment to maintaining the security posture of its vast user base.
Last year, Apple patched a total of nine zero-day vulnerabilities that were confirmed to have been exploited in real-world attacks. The swift release of these new updates for the 2026 zero-day indicates a continued focus on rapidly responding to emerging threats and protecting users from targeted cyber espionage and other malicious activities.
Users are strongly encouraged to apply these updates as soon as possible to safeguard their devices and personal information. The next steps for Apple will likely involve continued monitoring for any further exploitation attempts and proactive development of future security patches to address evolving threat landscapes.