top of page
Search

Apple Addresses Multiple Zero-Day Vulnerabilities Affecting Its Devices

  • Feb 12
  • 2 min read

Key Findings


  • Apple released emergency updates for iOS, iPadOS, macOS, tvOS, watchOS, and visionOS to address an actively exploited zero-day vulnerability (CVE-2026-20700)

  • The vulnerability is a memory corruption issue in Apple's Dynamic Link Editor (dyld) that could allow attackers to execute arbitrary code

  • The flaw was discovered and reported by Google's Threat Analysis Group, suggesting it may have been used in sophisticated nation-state or commercial spyware attacks

  • Apple also patched two other vulnerabilities (CVE-2025-14174 and CVE-2025-43529) that were likely exploited as part of the same campaign


Background


  • CVE-2026-20700 is an unspecified memory corruption issue in dyld, Apple's Dynamic Link Editor

  • Successful exploitation could allow an attacker with memory write capability to execute arbitrary code on affected devices

  • Google's Threat Analysis Group discovered and reported the vulnerability, indicating it may have been used in targeted attacks by advanced threat actors


Impact


  • The vulnerability affects a wide range of Apple devices and operating systems, including iPhones, iPads, Macs, Apple TVs, Apple Watches, and the new Apple Vision Pro headset

  • By exploiting CVE-2026-20700, attackers could potentially gain full control over targeted devices and access sensitive user data


Remediation


  • Apple has released updates for the following devices and operating systems:

  • iOS 26.3 and iPadOS 26.3 for iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

  • macOS Tahoe 26.3 for Macs

  • tvOS 26.3 for Apple TV HD and Apple TV 4K

  • watchOS 26.3 for Apple Watch Series 6 and later

  • visionOS 26.3 for Apple Vision Pro

  • Apple also released updates for older versions of iOS, iPadOS, macOS, and Safari to address additional vulnerabilities


Conclusion


  • Apple's prompt response to this actively exploited zero-day underscores the importance of keeping devices up-to-date with the latest security patches

  • Users should install the available updates as soon as possible to protect their devices and data from potential compromise


Sources


  • https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html

  • https://securityaffairs.com/187890/security/apple-fixed-first-actively-exploited-zero-day-in-2026.html

  • https://securityonline.info/apple-zero-day-cve-2026-20700-exploited-in-the-wild/

  • https://www.reddit.com/r/SecOpsDaily/comments/1r2mpqh/apple_fixes_exploited_zeroday_affecting_ios_macos/

  • https://news.backbox.org/2026/02/12/apple-fixes-exploited-zero-day-affecting-ios-macos-and-apple-devices/

  • https://www.securityweek.com/apple-patches-ios-zero-day-exploited-in-extremely-sophisticated-attack/

Recent Posts

See All
Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

 
 
 

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page