CVE-2026-20700: Apple Fixes Zero-Day Impacting iPhone, Mac, and Apple Watch

By /
apple zero-day zero day

Apple has released a series of important security updates to fix a dangerous zero-day vulnerability that was actively exploited in real-world cyber attacks. The flaw affects multiple operating systems, including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. According to reports, the attacks were highly sophisticated and targeted a small number of specific individuals.

These updates are critical for users who want to keep their devices safe from advanced threats, especially since the vulnerability was already being used by attackers before the fix was released.

The security issue is tracked as CVE-2026-20700 and has a CVSS severity score of 7.8, which places it in the high-risk category. This flaw is described as a memory corruption vulnerability in a system component called dyld, short for Dynamic Link Editor.

Dyld is a core part of Apple’s operating systems. It helps apps load the libraries they need to run. Because dyld operates at a low system level, a vulnerability in this component can be very dangerous.

If exploited successfully, this flaw could allow an attacker with memory write access to execute arbitrary code on an affected device. In simple terms, that means an attacker could potentially take control of the device, steal data, spy on activity, or install malicious software.

Apple confirmed that it is aware of reports showing this issue was used in “extremely sophisticated attacks” against targeted individuals running older versions of iOS.

The zero-day vulnerability was discovered and reported by the Google Threat Analysis Group (TAG). Google TAG is well known for investigating advanced cyber attacks, including those linked to nation-state actors and spyware campaigns.

When a vulnerability is found by a group like Google TAG, it usually means the issue was seen in serious, real-world attacks rather than simple proof-of-concept testing.

The advisory also referenced two older vulnerabilities that were linked to the same investigation:

CVE-2025-14174

  • Severity score: 8.8 (High)

  • Issue type: Out-of-bounds memory access

  • Affected component: ANGLE’s Metal renderer

This vulnerability was first disclosed by Google and had already been patched in December 2025. Metal is Apple’s high-performance graphics and compute API, used heavily in games and graphics-intensive applications.

CVE-2025-43529

  • Severity score: 8.8 (High)

  • Issue type: Use-after-free vulnerability

  • Affected component: WebKit

WebKit is the browser engine behind Safari and many other apps on Apple platforms. This flaw could allow attackers to execute malicious code simply by getting a victim to open specially crafted web content.

Although these two vulnerabilities were already fixed, Apple mentioned them again to provide full context about the attack chain.

zero day

Apple released patched versions for all major platforms. Users are strongly advised to update as soon as possible.

Latest Updates

  • iOS 26.3 and iPadOS 26.3
    Supported on iPhone 11 and newer, and modern iPad models including iPad Pro, iPad Air (3rd gen+), iPad (8th gen+), and iPad mini (5th gen+)

  • macOS Tahoe 26.3
    Available for all Macs running macOS Tahoe

  • tvOS 26.3
    Apple TV HD and all Apple TV 4K models

  • watchOS 26.3
    Apple Watch Series 6 and newer

  • visionOS 26.3
    All Apple Vision Pro models

Apple also released security fixes for users who are running older but still supported software versions.

  • iOS 18.7.5 and iPadOS 18.7.5
    For iPhone XS, XS Max, XR, and iPad 7th generation

  • macOS Sequoia 15.7.4

  • macOS Sonoma 14.8.4

  • Safari 26.3
    For macOS Sonoma and macOS Sequoia users

These updates fix multiple security bugs, even though they may not include all new features found in the latest operating systems.

This is Apple’s first actively exploited zero-day vulnerability disclosed in 2026. In 2025, Apple fixed nine zero-day flaws that were exploited in the wild, showing a clear pattern of attackers focusing on Apple platforms.

Zero-day vulnerabilities are especially dangerous because attackers can use them before a patch is available. Once a fix is released, cybercriminals often rush to exploit devices that have not yet been updated.

If you use an Apple device, updating your software immediately is one of the most important steps you can take to protect your data and privacy. Even if you believe you are not a high-value target, attackers often reuse the same exploits in wider campaigns once details become public.

Follow us on Twitter and Linkedin for real time updates and exclusive content.

Interesting Article : Fortinet Patches Critical FortiClientEMS SQL Injection Vulnerability (CVE-2026-21643)

Scroll to Top