CVE-2026-20700

Name of the Vulnerable Software and Affected Versions Apple products (affected versions not specified) iOS versions prior to 26.3 iPadOS versions prior to 26.3 macOS versions prior to Tahoe 26.3 tvOS versions prior to 26.3 watchOS versions prior to 26.3 visionOS versions prior to 26.3

Description A memory corruption vulnerability exists in Apple’s dyld (Dynamic Link Editor). This flaw, identified as CVE-2026-20700, allows attackers with memory write access to execute arbitrary code. The vulnerability has been actively exploited in sophisticated, targeted attacks against specific individuals. Google’s Threat Analysis Group discovered the issue and it has been addressed in the February 2026 security updates. The flaw has been exploited in conjunction with other vulnerabilities. It has existed in every iOS version since iOS 1.0.

Recommendations Update to iOS version 26.3. Update to iPadOS version 26.3. Update to macOS Tahoe version 26.3. Update to tvOS version 26.3. Update to watchOS version 26.3. Update to visionOS version 26.3.