Apple Issues Emergency Updates for Exploited Zero-Day Affecting iOS, macOS and All Major Devices
4 min. read 
Updated on
Apple has released urgent security updates across iOS, iPadOS, macOS, tvOS, watchOS, and visionOS to fix a zero-day vulnerability that was actively exploited in the wild against targeted users. The flaw could allow attackers to run arbitrary code on vulnerable devices without user consent.
The vulnerability is tracked as CVE-2026-20700, a memory corruption issue in dyld, Apple’s Dynamic Link Editor the component responsible for loading shared code libraries. According to Apple’s own security advisories, the flaw was discovered and reported by Google’s Threat Analysis Group (TAG) and has been linked to sophisticated, targeted attacks on versions of iOS before iOS 26.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
“An attacker with memory write capability may be able to execute arbitrary code,” Apple said in official security notes on CVE-2026-20700. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”
Apple does not always disclose details on active exploitation. The company confirmed that this flaw was part of a wider chain including previous zero-days fixed in December 2025, indicating attackers have been combining multiple vulnerabilities to compromise devices.
What Devices and Systems Are Affected?
Apple has patched CVE-2026-20700 and dozens of other vulnerabilities in the following updates:
| Operating System | Devices Covered |
|---|---|
| iOS 26.3 & iPadOS 26.3 | iPhone 11 and newer, modern iPads |
| macOS Tahoe 26.3 | All supported Macs |
| tvOS 26.3 | Apple TV HD & Apple TV 4K |
| watchOS 26.3 | Apple Watch Series 6 and newer |
| visionOS 26.3 | Apple Vision Pro |
Older releases of iOS, macOS, iPadOS, and Safari have also received updates to address legacy CVEs and other security issues.
Technical Impact of the Exploited Zero-Day
CVE-2026-20700 is a memory corruption bug in dyld. If an attacker has the ability to write to memory, they can gain control of execution flow and run arbitrary code. This broad class of bug can be leveraged for spyware deployment, silent remote control, or other malicious objectives.
In Apple’s security content descriptions, the fix was implemented through improved state management, effectively closing the window attackers used to corrupt memory.
This vulnerability is linked to a group of earlier bugs patched in late 2025, including memory and use-after-free issues in WebKit and other components that attackers were seen chaining together in highly targeted attacks.
Why This Matters Now
Zero-day vulnerabilities are rare but critically important when actively exploited. The involvement of Google TAG in discovering this issue highlights the seriousness of the risk. These updates likely mitigated real attacks that had already begun against specific individuals long before Apple publicly disclosed the flaw.
Security leaders and administrators should treat this as an urgent priority for all Apple infrastructure. Failure to apply these patches can leave devices open to remote compromise, data theft, or persistent spyware installation.
Additional Patches Released
Alongside CVE-2026-20700, Apple’s updates address many other security weaknesses affecting:
- CoreServices and kernel logic issues that could allow privilege escalation.
- WebKit memory handling and crash flaws impacting Safari and web content.
- App sandbox and authorization bypass errors that could lead to data leakage or unintended escalation.
These additional fixes improve overall platform security and reduce risk from other exploited and theoretical threats.
Steps Users and Organizations Should Take
Security professionals and Apple users are advised to:
- Install iOS 26.3 or later immediately on all compatible iPhones and iPads.
- Apply macOS Tahoe 26.3 on Macs used for business or sensitive work.
- Update tvOS, watchOS, and visionOS devices where applicable.
- Audit Apple devices in enterprise fleets to confirm update compliance.
- Review organizational MDM policies to enforce timely patch rollout.
Because the exploited zero-day was targeted and sophisticated, delaying updates could leave sensitive users at risk of persistent compromise.
FAQ: Apple’s 2026 Zero-Day Update
A zero-day is a flaw that attackers can exploit before developers have released a patch. CVE-2026-20700 was being used by attackers before Apple’s fix was released.
It affected dyld (Dynamic Link Editor), a core system component that loads shared libraries on Apple devices.
Google’s Threat Analysis Group (TAG) is credited with reporting the issue to Apple.
Users should update to iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3.
Yes, this is the first such confirmed exploited vulnerability patched this year, following nine zero-days fixed in 2025.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages