ACCORDING to Apple, the company has rolled out fixes for a zero-day vulnerability in iOS that has been exploited in the wild. Tracked as CVE-2026-20700, the memory corruption flaw could enable arbitrary code execution and affects the dyld system component responsible for loading dynamic libraries. Apple said the flaw was exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS prior to iOS 26.
The patches are included in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3, with older devices receiving iOS 18.7.5 and iPadOS 18.7.5 among others. The update also patches CVE-2025-14174 and CVE-2025-43529, vulnerabilities linked to WebKit, which were addressed in December 2025, and Safari 26.3 includes fixes for eight defects. Users are advised to update their devices promptly, with additional details available on Apple’s security updates page.