Apple Fixes First Actively Exploited Zero-Day of 2026
- Feb 12
Key Findings
Apple has fixed an actively exploited zero-day vulnerability across its ecosystem, including iOS, macOS, and other platforms.
The vulnerability, tracked as CVE-2026-20700, is a memory corruption flaw in Apple's Dynamic Link Editor (dyld) that allows attackers to execute arbitrary code.
The flaw was discovered and reported by Google's Threat Analysis Group, suggesting it may have been used in sophisticated, targeted attacks by nation-state actors or commercial spyware vendors.
Apple has also fixed two related vulnerabilities, CVE-2025-14174 and CVE-2025-43529, which were likely part of the same exploit chain.
The updates are available for a broad range of Apple devices, including iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, and various iPad and Mac models.
Users are urged to update their devices immediately to the latest versions of iOS, iPadOS, macOS, watchOS, tvOS, and visionOS to protect against this actively exploited threat.
Background
This zero-day vulnerability is the first to be actively exploited in the wild in 2026, following a spate of similar incidents in 2025. The discovery and disclosure of this flaw by Google's Threat Analysis Group, a team known for hunting state-sponsored hacking groups and commercial spyware vendors, suggests that it may have been leveraged in targeted attacks against specific individuals, such as journalists, dissidents, or diplomats, rather than the general public.
Technical Details
The vulnerability, CVE-2026-20700, is a memory corruption issue in Apple's Dynamic Link Editor (dyld), a fundamental component responsible for loading shared libraries and frameworks when an app launches. This low-level flaw is particularly dangerous, as it could allow attackers to hijack the app loading process and insert their own malicious code deep into the system's memory, bypassing security checks.
Apple's advisory notes that the flaw enables "Arbitrary Code Execution (ACE)," meaning an attacker with memory write capability could potentially execute their own instructions on the targeted device.
The company also revealed that two other vulnerabilities, CVE-2025-14174 and CVE-2025-43529, were addressed in response to the same report, suggesting they were likely part of a broader exploit chain used in the attacks.
Impact and Affected Devices
The vulnerability affects a wide range of modern Apple devices, including:
iPhone: iPhone 11 and later
iPad Pro: 12.9-inch (3rd generation and later), 11-inch (1st generation and later)
iPad Air: 3rd generation and later
iPad: 8th generation and later
iPad mini: 5th generation and later
Given the confirmed active exploitation, Apple has released urgent security updates to address the issue across its platforms, including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS.
Mitigation and Recommendations
The updates are available now. Users are strongly advised to go to Settings > General > Software Update and install the latest versions of iOS, iPadOS, and other affected operating systems immediately to protect their devices from this sophisticated threat.