- Apple patches zero-day CVE-2026-20700 in Dynamic Hyperlink Editor (dyld)
- Flaw enabled arbitrary code execution, utilized in refined focused assaults
- Fixes launched in iOS, iPadOS, macOS, tvOS, watchOS, and visionOS updates
Apple has mounted its first zero-day vulnerability of 2026, a bug that has apparently been utilized in an “extraordinarily refined assault”.
In a safety advisory, Apple mentioned the Google Risk Evaluation Group (GTAG) found a reminiscence corruption subject within the Dynamic Hyperlink Editor (dyld), a system part that helps apps run, and when an individual opens an app, the part masses the shared libraries it wants and connects every part collectively.
Dyld works within the background and is crucial for operating apps on Apple units.
Now, Apple says the bug, which permits malicious actors with reminiscence write functionality to execute arbitrary code on weak units, is tracked as CVE-2026-20700, and is given a severity rating of 9.8/10 (crucial), as per Tenable.
“Apple is conscious of a report that this subject might have been exploited in an especially refined assault in opposition to particular focused people on variations of iOS earlier than iOS 26. CVE-2025-14174 and CVE-2025-43529 have been additionally issued in response to this report.”
There are two issues that stand out on this advisory: that the bug was utilized in an especially refined assault in opposition to particular people, and that it was found by GTAG – a bunch that nearly completely tracks state-sponsored menace actors.
This would possibly imply that the targets have been politicians, diplomats, CEOs of crucial infrastructure organizations, or these working in protection, aerospace, or telecommunications sectors. Traditionally, these persons are the primary ones to be focused with a zero-day on an Apple machine.
Right here is the total record of affected units:
iPhone 11 and later
iPad Professional 12.9-inch (third era and later)
iPad Professional 11-inch (1st era and later)
iPad Air (third era and later)
iPad (eighth era and later)
iPad mini (fifth era and later)
Mac units operating macOS Tahoe
The bug was mounted in iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3, so ensure to patch as quickly as doable.
By way of BleepingComputer
The very best antivirus for all budgets
Comply with TechRadar on Google Information and add us as a most popular supply to get our professional information, evaluations, and opinion in your feeds. Ensure that to click on the Comply with button!
And naturally you can even comply with TechRadar on TikTok for information, evaluations, unboxings in video type, and get common updates from us on WhatsApp too.
Leave a Reply