A newly disclosed Apple zero‑day vulnerability (CVE‑2026‑20700) allows attackers with memory‑write capabilities to execute arbitrary code on affected devices.
Severity level:-
CVSS Score: 7.8/high
Description:- CVE‑2026‑20700 is a memory corruption vulnerability affecting Apple’s dyld (Dynamic Link Editor) component. Dyld is responsible for loading dynamic libraries and linking application code within Apple operating systems. Improper state management and insufficient memory‑safety controls can allow an attacker with memory write capability to achieve arbitrary code execution.
Affected Versions :-
- iOS – versions prior to 26.3
- iPadOS – versions prior to 26.3
- iOS – versions prior to 18.7.5
- iPadOS – versions prior to 18.7.5
- macOS Tahoe – versions prior to 26.3
- macOS Sequoia – versions prior to 15.7.4
- macOS Sonoma – versions prior to 14.8.4
- tvOS – versions prior to 26.3
- watchOS – versions prior to 26.3
- visionOS – versions prior to 26.3
Impact:-
Successful exploitation may allow attackers to execute arbitrary code at the OS level.
Resolution:-
Update to the following patched OS versions or later:-
- iOS 26.3 / iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- watchOS 26.3
- visionOS 26.3
- iOS / iPadOS 18.7.5
- macOS Sequoia 15.7.4
- macOS Sonoma 14.8.4
Reference:-
UIT Information Security