APPLE has issued an emergency security update for its mobile ecosystem to close a critical zero-day vulnerability tracked as CVE-2026-20700, which is described as being used in an extremely sophisticated attack against specific targeted individuals. The flaw resides in dyld, the Dynamic Link Editor, and Apple notes that an attacker with memory write capability may be able to execute arbitrary code.
The advisory credits Google’s Threat Analysis Group (TAG) with the discovery of the vulnerability, suggesting the exploit was likely deployed against targeted individuals rather than the general public. Apple says the vulnerability was likely part of a broader exploit chain, with two additional vulnerabilities—CVE-2025-14174 and CVE-2025-43529—also issued in response to this report.
The patch applies to a broad range of devices, including iPhone 11 and later, various iPad models, and iPadOS 26.3/iOS 26.3, and users are urged to install the update immediately.