Apple released security updates to patch a zero-day arbitrary code execution vulnerability in dyld tracked as CVE-2026-20700 that was exploited in an “extremely sophisticated” targeted attack against specific individuals. The flaw, discovered by Google’s Threat Analysis Group, affects iPhone, iPad, Mac, tvOS, watchOS, and visionOS devices and was fixed in iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3 — users should install updates immediately. #CVE-2026-20700 #dyld
Keypoints
- Apple patched a zero-day arbitrary code execution flaw in the Dynamic Link Editor (dyld), tracked as CVE-2026-20700.
- Apple says the vulnerability was exploited in extremely sophisticated, targeted attacks against specific individuals.
- Google’s Threat Analysis Group discovered the issue and reported it to Apple.
- Fixes were released across iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS (versions 18.7.5 / 26.3 where applicable).
- Affected devices include iPhone 11 and later and several recent iPad and Mac models, so users should apply the updates promptly.