Apple Patches iOS Zero-Day Exploited in 'Extremely Sophisticated Attack'

Apple Patches iOS Zero-Day Exploited in 'Extremely Sophisticated Attack'

Briefly

"Tracked as CVE-2026-20700, the zero-day flaw is described as a memory corruption issue that could be exploited for arbitrary code execution. It affects dyld (Dynamic Link Editor), the system component responsible for loading dynamic libraries into memory and which acts as a connector between application code and system frameworks. "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26," Apple noted in its advisory."

"A week before Apple's patches, Google rolled out Chrome fixes for CVE-2025-14174, although the issue did not yet have a CVE identifier. The three zero-day bugs were identified by Apple's security team and Google's Threat Analysis Group and their descriptions suggest that they might have been exploited by commercial spyware vendors. On Wednesday, Apple announced that patches for CVE-2026-20700 have been included in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3."

"The bugs could be exploited for information exposure, denial-of-service (DoS), arbitrary file write, privilege escalation, network traffic interception, sandbox escape, and code execution. For older device models, Apple released iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, and macOS Sonoma 14.8.4, each with patches for over three dozen vulnerabilities."