Apple has released security updates for its fleet of devices, including a fix for a critical iOS vulnerability that has been exploited in targeted attacks. 

That vulnerability (CVE-2026-20700) also was patched in macOS, but the active exploitation that Apple disclosed was against iOS only. It’s a memory corruption vulnerability in dyld, a component of iOS and macOS that links app code with libraries. 

“An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26,” the Apple advisory says.

The flaw was discovered by researchers at Google’s Threat Analysis Group, the team that specifically tracks advanced threat actors such as APTs and prolific cybercrime operators. In addition to the CVE for the flaw in macOS and iOS, two other CVEs were allocated earlier as a result of TAG’s discovery, one in Chrome and one in Safari. 

In addition to CVE-2026-20700, Apple patched dozens of other vulnerabilities in macOS, iOS, watchOS, and Safari. None of those other flaws have been actively exploited as of yet, according to Apple. 

But that’s not to say that those bugs aren’t serous. Both the iOS and macOS updates include a number of important fixes, many of which are in Webkit or the kernel.

Organizations with iPhones and MacBooks in their device fleets should schedule the updates as soon as possible.

  • Recent Posts

  • Recent Comments

    No comments to show.