Apple Fixes CVE-2026-20700 Zero-Day Across iOS and macOS Family

by Justin Erickson

Apple has released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari to address a zero-day vulnerability – CVE-2026-20700. The flaw is a memory corruption bug in dyld, the Dynamic Link Editor that loads applications on Apple devices. A hacker with memory write access could exploit it to run arbitrary code on said devices. This is Apple’s first actively exploited zero day disclosed in 2026 – that CISA has added to its Known Exploited Vulnerabilities (KEV) catalog. According to MalwareBytes, “Apple says the vulnerability was used as part of an infection chain combined with CVE-2025-14174 and CVE-2025-43529 against devices running iOS versions prior to iOS 26.” These two additional vulnerabilities were patched in December. A list of the updates for each specific device or operating system are in the Malwarebytes and Hacker News articles below.