Apple fixed a zero-day vulnerability that it claimed has been used in sophisticated cyberattacks on Wednesday by releasing updates for iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS This article explores vulnerability identified cve. . The vulnerability, identified as CVE-2026-20700 (CVSS score: N/A), has been characterized as a memory corruption problem in Apple's Dynamic Link Editor, or dyld.

An attacker with memory write access could run arbitrary code on vulnerable devices if the vulnerability is successfully exploited. The bug was found and reported by Google Threat Analysis Group (TAG). In an advisory, Apple stated, "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26."

In response to this report, CVE-2025-14174 and CVE-2025-43529 were also released.Notably, Cupertino addressed both CVE-2025-14174 and CVE-2025-43529 in December 2025; Google was the first to reveal that the former had been exploited in the wild. An out-of-bounds memory access in ANGLE's Metal renderer component is the subject of CVE-2025-14174 (CVSS score: 8.8). However, CVE-2025-43529 (CVSS score: 8.8) is a use-after-free vulnerability in WebKit that could result in arbitrary code execution when processing maliciously crafted web content.

Metal is a high-performance hardware-accelerated graphics and compute API created by Apple.

The following devices and operating systems can receive the updates: iOS 26.3 and iPadOS 26.3 for iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later macOS Tahoe 26.3 for Macs running macOS Tahoe TVOS 26.3: Apple Watch Series 6 and later vision OS 26.3: Apple TV HD and Apple TV 4K (all models)OS 26.3: All models of Apple Vision Pro Additionally, Apple has released updates for iOS 18.7.5 and iPadOS 18.7.5, iPhone XS, iPhone XS Max, and iPhone XR, to fix a number of vulnerabilities in previous versions of iOS, iPadOs, macOS, and Safari.

Macs running macOS Sonoma 14.8.4 - Macs running macOS Sonoma Safari 26.3 - iPad 7th generation macOS Sequoia 15.7.4 - Macs running macOS Sonoma and macOS Sequoia Apple has taken action to fix its first actively exploited zero-day in 2026 with the most recent development.

Nine zero-day vulnerabilities that were exploited in the wild were fixed by the company last year.