PT-2026-7805 · Apple · Dyld+6
Published: 2026-02-11 · Updated: 2026-03-30
CVE-2026-20700
CVSS v3.1: 7.8 High (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
Apple iOS, iPadOS, macOS, watchOS, tvOS, and visionOS versions prior to 26.3
Description
Apple addressed a zero-day memory corruption vulnerability (CVE-2026-20700) in dyld, the dynamic linker. The flaw allows attackers with memory write capabilities to potentially execute arbitrary code on affected devices. Google's Threat Analysis Group discovered the vulnerability and confirmed that it was exploited in extremely sophisticated, targeted attacks against specific individuals. The DarkSword exploit kit has been observed leveraging this vulnerability, along with others, to gain full control of compromised devices. The vulnerability has existed in every iOS version since its inception. Exploitation may involve sophisticated techniques, potentially including phishing and chained vulnerabilities. Although initial reports describe targeted attacks, broader exploitation is possible once the details become publicly available.
Recommendations
Update to iOS 26.3 or later.
Update to iPadOS 26.3 or later.
Update to macOS Tahoe 26.3 or later.
Update to watchOS 26.3 or later.
Update to tvOS 26.3 or later.
Update to visionOS 26.3 or later.
Fix
RCE
LPE
DoS
Buffer Overflow
Affected Products
Apple macOS
dyld
iOS
iPadOS
tvOS
visionOS
watchOS