Overview
- Apple issued security updates for iOS and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3 after confirming in‑the‑wild exploitation.
- CVE-2026-20700 is a memory‑corruption flaw in dyld that allows arbitrary code execution by an attacker with memory write capability.
- Apple says the attacks targeted specific individuals and were linked to December 2025 zero‑days in ANGLE and WebKit (CVE-2025-14174 and CVE-2025-43529) used as part of an exploit chain.
- Google’s Threat Analysis Group discovered and reported the vulnerability, and CISA added the flaw to its Known Exploited Vulnerabilities catalog on Thursday.
- Apple also shipped patches for older branches, including iOS/iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, and Safari 26.3, and security experts urge immediate updates with extra precautions for high‑risk users.