Apple has released an urgent security update for all its mobile devices to fix a serious zero-day vulnerability being exploited in a targeted attack that the company describes as an “extremely sophisticated attack” against specific individuals.
CVE-2026-20700 is a serious vulnerability that prompted Apple to release iOS 26.3 and iPadOS 26.3 to protect users from unauthorized code execution.
While Apple rarely details active campaigns, the advisory for CVE-2026-20700 contains a warning. The company confirmed it is “aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The terms “sophisticated” and “targeted” usually refer to state-sponsored spying or commercial spyware. Google’s Threat Analysis Group (TAG) found this issue, which indicates the exploit was likely aimed at journalists, dissidents, or diplomats, not the general public.
The vulnerability is in dyld, Apple’s Dynamic Link Editor, which loads shared libraries and frameworks when apps start.
Because dyld operates at such a low level, a vulnerability here is particularly dangerous. Apple notes that the flaw allows for Arbitrary Code Execution (ACE), stating that “an attacker with memory write capability may be able to execute arbitrary code.”
Apple’s update notes suggest that CVE-2026-20700 is linked to a larger exploit chain. The company also disclosed that two additional vulnerabilities, CVE-2025-14174 and CVE-2025-43529, were published as a result of this report, indicating that attackers combined several weaknesses to circumvent security measures.
The vulnerability affects a broad range of modern Apple devices. The patch applies to:
iPhone: iPhone 11 and later.
iPad Pro: 12.9-inch (3rd gen+), 11-inch (1st gen+).
iPad Air: 3rd generation and later.
iPad: 8th generation and later.
iPad mini: 5th generation and later.
Due to confirmed exploitation, this is an urgent update. Users should go to Settings > General > Software Update and install iOS 26.3 or iPadOS 26.3 immediately to protect against this advanced threat.
