Apple has released security updates to address a zero-day vulnerability that the company says was exploited in an “extremely sophisticated attack” against specific individuals.
The flaw, tracked as CVE-2026-20700, is an arbitrary code execution issue in dyld, the Dynamic Link Editor used across Apple operating systems including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. An attacker with memory write capabilities could exploit the vulnerability to execute malicious code on affected devices.
Apple said it is aware of reports that the vulnerability was used in targeted attacks on versions of iOS prior to iOS 26. The company also noted that two previously disclosed flaws, CVE-2025-14174 and CVE-2025-43529, which were patched in December, were exploited in the same incidents.
The secrity updates are available for a wide range of devices, including iPhone 11 and later models; multiple iPad Pro, iPad Air, iPad, and iPad mini generations; and Mac computers running macOS Tahoe. The issue has been addressed in iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3.
Although the attacks appear to have been highly targeted, all users are recommended to install the latest updates to ensure their devices are protected.