Apple on Wednesday launched iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to handle a zero-day flaw that it mentioned has been exploited in subtle cyber assaults.
The vulnerability, tracked as CVE-2026-20700 (CVSS rating: 7.8), has been described as a reminiscence corruption concern in dyld, Apple’s Dynamic Hyperlink Editor. Profitable exploitation of the vulnerability may enable an attacker with reminiscence write functionality to execute arbitrary code on inclined gadgets. Google Menace Evaluation Group (TAG) has been credited with discovering and reporting the bug.
“Apple is conscious of a report that this concern could have been exploited in an especially subtle assault towards particular focused people on variations of iOS earlier than iOS 26,” the corporate mentioned in an advisory. “CVE-2025-14174 and CVE-2025-43529 have been additionally issued in response to this report.”
It is price noting that each CVE-2025-14174 and CVE-2025-43529 have been addressed by Cupertino in December 2025, with the previous first disclosed by Google as having been exploited within the wild. CVE-2025-14174 (CVSS rating: 8.8) pertains to an out-of-bounds reminiscence entry in ANGLE’s Steel renderer part. Steel is a high-performance hardware-accelerated graphics and compute API developed by Apple.
CVE-2025-43529 (CVSS rating: 8.8), however, is a use-after-free vulnerability in WebKit which will result in arbitrary code execution when processing maliciously crafted net content material.
The updates can be found for the next gadgets and working programs –
- iOS 26.3 and iPadOS 26.3 – iPhone 11 and later, iPad Professional 12.9-inch third era and later, iPad Professional 11-inch 1st era and later, iPad Air third era and later, iPad eighth era and later, and iPad mini fifth era and later
- macOS Tahoe 26.3 – Macs working macOS Tahoe
- tvOS 26.3 – Apple TV HD and Apple TV 4K (all fashions)
- watchOS 26.3 – Apple Watch Sequence 6 and later
- visionOS 26.3 – Apple Imaginative and prescient Professional (all fashions)
As well as, Apple has additionally launched updates to resolve varied vulnerabilities in older variations of iOS, iPadOs, macOS, and Safari –
With the newest growth, Apple has moved to handle its first actively exploited zero-day in 2026. Final 12 months, the corporate patched 9 zero-day vulnerabilities that have been exploited within the wild.
