Overview
- Updates are available as iOS and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3 for supported devices including iPhone 11 and later and recent iPad Pro models.
- CVE-2026-20700 is a memory corruption issue in dyld that can enable arbitrary code execution by an attacker with memory write capability.
- Apple says the vulnerability was used against specific individuals on versions prior to iOS 26 as part of an attack chain that also leveraged CVE-2025-14174 (ANGLE/Metal) and CVE-2025-43529 (WebKit).
- Apple also issued security updates for older branches, including iOS and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, and Safari 26.3.
- This is Apple’s first actively exploited zero-day fix of 2026, with the new releases also addressing nearly 40 issues on iOS/iPadOS and more than 50 on macOS Tahoe.