Apple has released emergency security updates to fix a zero-day vulnerability that was reportedly used in what the company describes as an “extremely sophisticated” attack against specific individuals.
The flaw, tracked as CVE-2026-20700, affects dyld (the Dynamic Link Editor) used across Apple’s operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS.
What the Vulnerability Does
Apple sometimes spots vulnerabilities in places you don't expect, like the password app. According to Apple’s security advisory, this time the vulnerability is an arbitrary code execution flaw. An attacker with memory write capabilities could exploit the issue to execute malicious code on a vulnerable device.
Apple confirmed that the flaw may have been actively used on versions of iOS before iOS 26 in highly targeted attacks. The company did not disclose technical details about how the vulnerability was used, which is normal practice to prevent further abuse before most users update.
Apple also noted that two previously patched vulnerabilities - CVE-2025-14174 and CVE-2025-43529, both fixed in December - were exploited in the same campaign.
The vulnerability was discovered by Google’s Threat Analysis Group (TAG), a team known for investigating state-sponsored and advanced cyber-espionage activity.
Affected Devices
Apple says the following devices are impacted:
- iPhone 11 and later
- iPad Pro 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (8th generation and later)
- iPad mini (5th generation and later)
- Mac devices running macOS Tahoe
Updates That Fix the Issue
Apple addressed the vulnerability in the following releases:
- iOS 18.7.5
- iPadOS 18.7.5
- macOS Tahoe 26.3
- tvOS 26.3
- watchOS 26.3
- visionOS 26.3
Users are strongly advised to install the latest updates as soon as possible. Even though the attacks were reportedly highly targeted, zero-day vulnerabilities can sometimes become more broadly exploited once publicized.
First Apple Zero-Day of 2026
This marks Apple’s first confirmed zero-day patch of 2026. In 2025, the company addressed seven zero-day vulnerabilities.
While Apple did not provide specifics about who was targeted or the nature of the campaign, the involvement of Google’s Threat Analysis Group and the description of the attack as “extremely sophisticated” suggest the flaw may have been used in espionage operations.
As always, the most effective defense against new threats is keeping your devices consistently updated.
Thank you for being a Ghacks reader. The post Apple Fixes Zero-Day Used in Targeted Attacks appeared first on gHacks.
☞ El artículo completo original de Arthur Kay lo puedes ver aquí