CVE-2026-20700: Apple Patches First Zero-Day of 2026 After Extremely Sophisticated Targeted Attacks

    Apple has released emergency security updates to patch a zero-day vulnerability that was actively exploited in what the company describes as “extremely sophisticated” attacks targeting specific individuals.

    Technical Details

    The vulnerability, tracked as CVE-2026-20700, is an arbitrary code execution flaw in dyld, the Dynamic Link Editor used across Apple’s operating systems including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS.

    According to Apple’s security bulletin, an attacker with memory write capability could leverage this vulnerability to execute arbitrary code on affected devices.

    Google TAG Discovery

    The vulnerability was discovered by Google’s Threat Analysis Group (TAG), a team known for tracking sophisticated nation-state and advanced threat actors. Apple did not provide additional details about how the vulnerability was exploited or who the targeted individuals were.

    Apple confirmed this vulnerability was chained with two previously patched flaws — CVE-2025-14174 and CVE-2025-43529, which were fixed in December — as part of the same targeted attack campaign.

    Affected Devices

    The vulnerability affects a wide range of Apple devices:

    • iPhone 11 and later
    • iPad Pro 12.9-inch (3rd generation and later)
    • iPad Pro 11-inch (1st generation and later)
    • iPad Air (3rd generation and later)
    • iPad (8th generation and later)
    • iPad mini (5th generation and later)
    • Mac devices running macOS Tahoe

    Patched Versions

    Apple has addressed the vulnerability in the following updates:

    • iOS 18.7.5
    • iPadOS 18.7.5
    • macOS Tahoe 26.3
    • tvOS 26.3
    • watchOS 26.3
    • visionOS 26.3
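
An added example (not from Apple or the source article) that triages a device inventory against the patched versions listed above. The inventory rows and host names are constructed, and because the article lists only one fixed release per platform, any version on a different major branch is reported as "verify" rather than judged.

```python
# Fixed releases exactly as listed in the article, one per platform.
PATCHED = {
    "iOS": (18, 7, 5), "iPadOS": (18, 7, 5), "macOS": (26, 3),
    "tvOS": (26, 3), "watchOS": (26, 3), "visionOS": (26, 3),
}

def parse_version(text):
    """Turn '18.7.5' into (18, 7, 5); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def _pad(version, width=3):
    """Pad with zeros so that 26.3 and 26.3.0 compare as equal."""
    return version + (0,) * (width - len(version))

def classify(platform, version):
    """Return 'patched', 'unpatched' or 'verify' for one device."""
    fixed = PATCHED.get(platform)
    if fixed is None:
        return "verify"              # platform not listed in the article
    try:
        have = parse_version(version)
    except ValueError:
        return "verify"              # unreadable inventory value
    if have[0] != fixed[0]:
        return "verify"              # other major branch: check Apple's bulletin
    return "patched" if _pad(have) >= _pad(fixed) else "unpatched"

def triage(inventory):
    """Group host names by patch status."""
    report = {"patched": [], "unpatched": [], "verify": []}
    for host, platform, version in inventory:
        report[classify(platform, version)].append(host)
    return report

# Constructed sample inventory (host, platform, reported OS version).
INVENTORY = [
    ("ceo-iphone", "iOS", "18.7.5"),
    ("lab-ipad", "iPadOS", "18.7.4"),
    ("dev-mac", "macOS", "26.2"),
    ("kiosk-phone", "iOS", "26.2"),
    ("lobby-tv", "tvOS", "26.3.1"),
    ("old-watch", "watchOS", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts in the "verify" group need a manual check against Apple's bulletin, since a numerically higher version on another branch is not evidence of a fix.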

    Security Implications

    This marks the first Apple zero-day patched in 2026, following seven zero-day vulnerabilities addressed throughout 2025. The involvement of Google TAG in discovering the flaw, combined with Apple’s characterization of the attacks as “extremely sophisticated” against “specific targeted individuals,” suggests potential nation-state involvement.

    Organizations and individuals using Apple devices should apply these updates immediately. While the attacks appear highly targeted, proof-of-concept exploits or broader exploitation could emerge now that the vulnerability has been disclosed.

    Recommendations

    • Update immediately: Install the latest security updates on all Apple devices
    • Enable automatic updates: Ensure devices are configured for automatic security updates
    • High-value targets: Organizations and individuals who may be targets of sophisticated threat actors should prioritize patching
    • Monitor for indicators: Security teams should watch for additional threat intelligence from Google TAG or Apple regarding exploitation details

    Source: BleepingComputer