https://support.apple.com/en-us/126347
Apple has addressed a dangerous zero-day flaw identified as CVE-2026-20700, which was actively exploited in highly sophisticated cyberattacks targeting specific individuals. This vulnerability exists in dyld, Apple’s Dynamic Link Editor, affecting a wide range of operating systems including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. According to Apple’s security advisory, the flaw allows an attacker with memory write capabilities to execute arbitrary code on vulnerable devices, posing a significant threat to users.
The zero-day was discovered by Google’s Threat Analysis Group and is linked to prior vulnerabilities fixed in December 2025, signaling a sustained and complex attack campaign. Devices impacted include iPhone 11 and newer models, various iPad generations, and Macs running macOS Tahoe.
Apple has released patch updates across all affected platforms—most notably iOS 18.7.5 and macOS Tahoe 26.3—to mitigate the issue. While Apple confirmed exploitation occurred only in targeted scenarios, users are strongly urged to apply these updates immediately to safeguard their devices.