InfoSecBulletin Cybersecurity for mankind
Apple has released an urgent security update for all its mobile devices to fix a serious zero-day vulnerability being exploited in a targeted attack describes as an “extremely sophisticated attack” against specific individuals.
CVE-2026-20700 is a serious vulnerability that prompted Apple to release iOS 26.3 and iPadOS 26.3 to protect users from unauthorized code execution.
WhatsApp to allow usernames instead of phone numbers
Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem
Data breach affects 14.2 million email logins across six ISPs
Asian Two AI startups launch Mythos-like Model
Polymarket Hack Reportedly Results in $3 Million Theft
Anthropic Confirms US Infrastructure Redeployment of Claude Mythos 5
Hackers Target Cloudflare-Hosted AWS Domains to Steal Console Logins
Daily Cyber security update for 26. 06. 2026
WhatsApp to Alert Users Before Chatting With New Numbers
OpenAI unveils its first custom chip, Named Jalapeño
While Apple rarely details active campaigns, the advisory for CVE-2026-20700 contains a warning. The company confirmed it is “aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The terms “sophisticated” and “targeted” usually refer to state-sponsored spying or commercial spyware. Google’s Threat Analysis Group (TAG) found this, indicating the exploit was likely aimed at journalists, dissidents, or diplomats, not the general public.
The vulnerability is in dyld, Apple’s Dynamic Link Editor, which loads shared libraries and frameworks when apps start.
Because dyld operates at such a low level, a vulnerability here is particularly dangerous. Apple notes that the flaw allows for Arbitrary Code Execution (ACE), stating that “an attacker with memory write capability may be able to execute arbitrary code.”
Apple’s update notes suggest that CVE-2026-20700 is linked to a larger exploit chain. They also disclosed two additional vulnerabilities—CVE-2025-14174 and CVE-2025-43529—were released due to this report, indicating that attackers combined several weaknesses to circumvent security measures.
The vulnerability affects a broad range of modern Apple devices. The patch applies to:
iPhone: iPhone 11 and later.
iPad Pro: 12.9-inch (3rd gen+), 11-inch (1st gen+).
iPad Air: 3rd generation and later.
iPad: 8th generation and later.
iPad mini: 5th generation and later.
Due to confirmed exploitation, this is an urgent update. Users should go to Settings > General > Software Update and install iOS 26.3 or iPadOS 26.3 immediately to protect against this advanced threat.
