Full Report
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. Successful exploitation of the vulnerability could allow an
Analysis Summary
# Vulnerability: Apple dyld Memory Corruption Zero-Day
## CVE Details
- CVE ID: CVE-2026-20700
- CVSS Score: N/A (Severity not provided)
- CWE: Memory Corruption Issue (Specific CWE not provided)
## Affected Systems
- Products: iOS, iPadOS, macOS Tahoe, tvOS, watchOS, visionOS (and older versions of iOS, iPadOS, macOS, and Safari)
- Versions:
- Fixed in: iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, visionOS 26.3.
- Also fixed in older versions: iOS 18.7.5, iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, Safari 26.3 (for Sonoma/Sequoia).
- Affected configuration: Versions of iOS before iOS 26.
- Configurations: Specific to devices running susceptible versions prior to the patches.
## Vulnerability Description
The vulnerability is a memory corruption issue located in `dyld`, the Dynamic Link Editor used by Apple operating systems. Successful exploitation could grant an attacker the capability to write to arbitrary memory locations, leading to arbitrary code execution on the affected device.
## Exploitation
- Status: Exploited in the wild (Apple states the issue "may have been exploited in an extremely sophisticated attack against specific targeted individuals").
- Complexity: Implied to be high, given the context of "sophisticated cyber attacks."
- Attack Vector: Not explicitly detailed, but memory corruption leading to code execution often suggests remote code execution (RCE) potential in sophisticated attacks, or local if chaining is required.
## Impact
- Confidentiality: High (Arbitrary code execution typically allows for data exfiltration).
- Integrity: High (Arbitrary code execution allows for system modification).
- Availability: High (Code execution could lead to denial of service or system compromise).
## Remediation
### Patches
The vulnerability is addressed in the following updates:
- **iOS 26.3 and iPadOS 26.3**: For iPhone 11 and later, various iPad models.
- **macOS Tahoe 26.3**
- **tvOS 26.3**
- **watchOS 26.3**
- **visionOS 26.3**
- **Older Versions**: iOS 18.7.5, iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, and Safari 26.3.
### Workarounds
- No specific workarounds were mentioned in the provided text. Immediate patching is the primary recommended action given the active exploitation.
## Detection
- Detection methods were not detailed in the source material.
- **Note**: The report mentions that two other vulnerabilities, CVE-2025-14174 (OOB read in ANGLE) and CVE-2025-43529 (Use-After-Free in WebKit), were also addressed in response to the same report, suggesting an attack chain might have involved these components for initial access or privilege escalation before exploiting CVE-2026-20700.
## References
- Apple Advisory for iOS/iPadOS: hxxps://support.apple.com/en-us/126346
- Apple Advisory for macOS Tahoe: hxxps://support.apple.com/en-us/126348
- Apple Advisory for tvOS: hxxps://support.apple.com/en-us/126351
- Apple Advisory for watchOS: hxxps://support.apple.com/en-us/126352
- Apple Advisory for visionOS: hxxps://support.apple.com/en-us/126353
- NVD Link: hxxps://nvd.nist.gov/vuln/detail/CVE-2026-20700