Apple iOS Zero-day Vulnerability Exploited in Attacks (CVE-2026-20700)

Apple released a security advisory to address its first zero-day vulnerability of the year. Tracked as CVE-2026-20700, successful exploitation of the vulnerability could lead to arbitrary code execution. Google Threat Analysis Group discovered and reported the vulnerability to Apple.

The vulnerability exists in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. An attacker with memory write permission may exploit the vulnerability to achieve arbitrary code execution. Apple addressed the memory corruption flaw with improved state management.

Apple mentioned in the advisory that they are “aware of a report that this issue may have been exploited in a highly sophisticated attack targeting specific individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.”

Affected Products and Versions

• iPhone 11 and later
• iPad Pro 12.9-inch (3rd generation and later)
• iPad Pro 11-inch (1st generation and later)
• iPad Air (3rd generation and later)
• iPad (8th generation and later)
• iPad mini (5th generation and later)
• macOS Tahoe versions before 26.3

Mitigation

Apple released the following versions to patch the vulnerability:

• macOS Tahoe 26.3
• iOS 26.3 and iPadOS 26.3

For more information, please visit the Apple security advisories for macOS Tahoe, iOS, and iPadOS.

Qualys Detection

Qualys customers can scan their devices with QIDs 386542 and 610759 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://support.apple.com/en-us/126348
https://support.apple.com/en-us/126346