Apple on Wednesday launched iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to deal with a zero-day flaw that it stated has been exploited in refined cyber assaults.
The vulnerability, tracked as CVE-2026-20700 (CVSS rating: N/A), has been described as a reminiscence corruption difficulty in dyld, Apple’s Dynamic Hyperlink Editor. Profitable exploitation of the vulnerability may enable an attacker with reminiscence write functionality to execute arbitrary code on inclined gadgets. Google Risk Evaluation Group (TAG) has been credited with discovering and reporting the bug.
“Apple is conscious of a report that this difficulty could have been exploited in a particularly refined assault in opposition to particular focused people on variations of iOS earlier than iOS 26,” the corporate stated in an advisory. “CVE-2025-14174 and CVE-2025-43529 had been additionally issued in response to this report.”
It is value noting that each CVE-2025-14174 and CVE-2025-43529 had been addressed by Cupertino in December 2025, with the previous first disclosed by Google as having been exploited within the wild. CVE-2025-14174 (CVSS rating: 8.8) pertains to an out-of-bounds reminiscence entry in ANGLE’s Steel renderer element. Steel is a high-performance hardware-accelerated graphics and compute API developed by Apple.
CVE-2025-43529 (CVSS rating: 8.8), then again, is a use-after-free vulnerability in WebKit which will result in arbitrary code execution when processing maliciously crafted net content material.
The updates can be found for the next gadgets and working techniques –
- iOS 26.3 and iPadOS 26.3 – iPhone 11 and later, iPad Professional 12.9-inch third era and later, iPad Professional 11-inch 1st era and later, iPad Air third era and later, iPad eighth era and later, and iPad mini fifth era and later
- macOS Tahoe 26.3 – Macs operating macOS Tahoe
- tvOS 26.3 – Apple TV HD and Apple TV 4K (all fashions)
- watchOS 26.3 – Apple Watch Collection 6 and later
- visionOS 26.3 – Apple Imaginative and prescient Professional (all fashions)
As well as, Apple has additionally launched updates to resolve numerous vulnerabilities in older variations of iOS, iPadOs, macOS, and Safari –
With the newest improvement, Apple has moved to deal with its first actively exploited zero-day in 2026. Final yr, the corporate patched 9 zero-day vulnerabilities that had been exploited within the wild.
