Apple fixes dangerous zero-day flaw affecting macOS, iOS and more

• Apple fixes CVE-2026-20700 Zero Day in Dynamic Link Editor (dyld)
• Flaw allows execution of arbitrary code, used in sophisticated targeted attacks
• Fixes released in iOS, iPadOS, macOS, tvOS, watchOS and visionOS updates

Apple has patched its first zero-day vulnerability of 2026, a bug that was apparently used in a “highly sophisticated attack.”

In a security advisory, Apple said the Google Threat Analysis Group (GTAG) discovered a memory corruption issue in Dynamic Link Editor (dyld), a system component that helps apps run, and when a person opens an app, the component loads the shared libraries it needs and connects everything together.

Dyld runs in the background and is essential for running apps on Apple devices.

Apple now says the bug, which allows malicious actors with memory write capability to execute arbitrary code on vulnerable devices, is tracked as CVE-2026-20700 and receives a severity score of 9.8/10 (critical), according to Tenable.

“Apple is aware of a report that this issue may have been exploited in a highly sophisticated attack against specific targeted individuals on versions of iOS prior to iOS 26. CVE-2025-14174 and CVE-2025-43529 were also released in response to this report.”

Two things stand out from this advisory: that the bug was used in a highly sophisticated attack against specific individuals and that it was discovered by GTAG, a group that almost exclusively tracks perpetrators of state-sponsored threats.

This could mean the targets were politicians, diplomats, CEOs of critical infrastructure organizations, or people working in the defense, aerospace, or telecommunications sectors. Historically, these people are the first to be targeted by a zero-day on an Apple device.

Here is the full list of affected devices:

iPhone 11 and later

12.9-inch iPad Pro (3rd generation and later)

iPad Pro 11-inch (1st generation and later)

iPad Air (3rd generation and later)

iPad (8th generation and later)

iPad mini (5th generation and later)

Mac devices running macOS Tahoe

The bug was fixed in iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3 and visionOS 26.3, so be sure to update the fix as soon as possible.

Via BeepComputer

Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!

And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). During his career, which spans more than a decade, he has written for numerous media outlets, including Al Jazeera Balkans. He has also hosted several modules on content writing for Represent Communications.