
Apple Addresses Multiple Zero-Day Vulnerabilities Affecting Its Devices

  • Feb 12

Key Findings


  • Apple released emergency updates for iOS, iPadOS, macOS, tvOS, watchOS, and visionOS to address an actively exploited zero-day vulnerability (CVE-2026-20700)

  • The vulnerability is a memory corruption issue in Apple's Dynamic Link Editor (dyld) that could allow attackers to execute arbitrary code

  • The flaw was discovered and reported by Google's Threat Analysis Group, suggesting it may have been used in sophisticated nation-state or commercial spyware attacks

  • Apple also patched two other vulnerabilities (CVE-2025-14174 and CVE-2025-43529) that were likely exploited as part of the same campaign


Background


  • CVE-2026-20700 is an unspecified memory corruption issue in dyld, Apple's Dynamic Link Editor

  • Successful exploitation could allow an attacker with memory write capability to execute arbitrary code on affected devices

  • Google's Threat Analysis Group discovered and reported the vulnerability, indicating it may have been used in targeted attacks by advanced threat actors


Impact


  • The vulnerability affects a wide range of Apple devices and operating systems, including iPhones, iPads, Macs, Apple TVs, Apple Watches, and the new Apple Vision Pro headset

  • By exploiting CVE-2026-20700, attackers could potentially gain full control over targeted devices and access sensitive user data


Remediation


  • Apple has released updates for the following devices and operating systems:

  • iOS 26.3 and iPadOS 26.3 for iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

  • macOS Tahoe 26.3 for Macs

  • tvOS 26.3 for Apple TV HD and Apple TV 4K

  • watchOS 26.3 for Apple Watch Series 6 and later

  • visionOS 26.3 for Apple Vision Pro

  • Apple also released updates for older versions of iOS, iPadOS, macOS, and Safari to address additional vulnerabilities
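
To turn the version list above into a fleet check, the following added example (not from Apple or from the sources of this post) sorts a device inventory into patched, unpatched and older-branch devices. The CSV column names and the sample rows are constructed assumptions; because this post gives no fixed version numbers for older OS branches, those devices are flagged for a manual check instead of being guessed at.

```python
import csv
import io

# Fixed releases exactly as listed in the Remediation section of this post.
FIXED = {
    "iOS": (26, 3), "iPadOS": (26, 3), "macOS": (26, 3),
    "tvOS": (26, 3), "watchOS": (26, 3), "visionOS": (26, 3),
}

# Constructed sample inventory; the column names are assumptions, not an MDM schema.
SAMPLE_INVENTORY = """device,os,version
exec-iphone,iOS,26.3
lab-ipad,iPadOS,26.2.1
build-mac,macOS,26.3.1
old-mac,macOS,15.6
lobby-tv,tvOS,26.2
kiosk,Android,16
test-watch,watchOS,beta
"""

def parse_version(text):
    """Turn '26.2.1' into (26, 2, 1); return None if any part is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(os_name, version_text):
    """Return 'patched', 'needs-update', 'older-branch' or 'unknown'."""
    fixed = FIXED.get(os_name)
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    if version[0] < fixed[0]:
        # Older branches got separate updates whose versions are not listed here.
        return "older-branch"
    # Pad short versions so that '26.3' and '26.3.0' compare equal.
    padded = version + (0,) * (len(fixed) - len(version))
    return "patched" if padded >= fixed else "needs-update"

def triage(inventory_csv):
    """Map each status to the list of device names that fall under it."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["os"], row["version"])
        report.setdefault(status, []).append(row["device"])
    return report

if __name__ == "__main__":
    for status, devices in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(devices)}")
```

Devices reported as older-branch or unknown need their status confirmed against Apple's security release notes for that OS line.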


Conclusion


  • Apple's prompt response to this actively exploited zero-day underscores the importance of keeping devices up to date with the latest security patches

  • Users should install the available updates as soon as possible to protect their devices and data from potential compromise


Sources


  • https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html

  • https://securityaffairs.com/187890/security/apple-fixed-first-actively-exploited-zero-day-in-2026.html

  • https://securityonline.info/apple-zero-day-cve-2026-20700-exploited-in-the-wild/

  • https://www.reddit.com/r/SecOpsDaily/comments/1r2mpqh/apple_fixes_exploited_zeroday_affecting_ios_macos/

  • https://news.backbox.org/2026/02/12/apple-fixes-exploited-zero-day-affecting-ios-macos-and-apple-devices/

  • https://www.securityweek.com/apple-patches-ios-zero-day-exploited-in-extremely-sophisticated-attack/
