.png.webp "Apple zero-day flaw")
Apple has issued emergency security updates to address a critical zero-day vulnerability actively exploited in what the company describes as an "extremely sophisticated attack" against high-value targets.
The flaw, tracked as CVE-2026-20700, affects the Dynamic Link Editor (dyld)—a core system component responsible for loading programs and libraries across all Apple platforms.
The vulnerability allows attackers with memory write capability to execute arbitrary code, essentially giving them complete control over affected devices. Google's Threat Analysis Group (TAG) discovered the flaw, a team that typically investigates nation-state threats and commercial spyware operations—a strong signal this wasn't ordinary cybercrime.
Apple's security bulletin reveals the attack chain went deeper than initially suspected. The company confirmed CVE-2026-20700 was exploited alongside two previously patched WebKit vulnerabilities (CVE-2025-14174 and CVE-2025-43529) in coordinated incidents. This multi-stage approach mirrors tactics used by sophisticated surveillance vendors who chain multiple exploits to penetrate modern device protections.
The dyld component sits at the foundation of iOS, iPadOS, macOS, tvOS, watchOS, and visionOS, making this vulnerability particularly dangerous. Unlike browser-based attacks that require user interaction, a dyld exploit could potentially be triggered through various vectors once an attacker gains initial memory access.
Security researchers note that dyld vulnerabilities are highly prized in the surveillance industry because they affect core system operations and can bypass many security layers. The chaining with browser exploits suggests attackers first used the WebKit flaws to gain a foothold, then leveraged the dyld bug to achieve full system compromise.
Apple has released patches across its entire ecosystem: iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3. Users should update immediately through Settings > General > Software Update on iOS devices.
This marks Apple's first confirmed zero-day exploitation of 2026, following seven similar incidents in 2025. The pattern of targeted attacks against "specific individuals" continues a trend security experts associate with commercial spyware tools sold to governments and law enforcement agencies.