Apple 0-Day Vulnerability Actively Exploited in Sophisticated Attack to Target Individuals - CybersecurityNews

Home Cyber Security News Apple 0-Day Vulnerability Actively Exploited in Sophisticated Attack to Target Individuals Apple 0-Day Vulnerability Exploited Apple released iOS 26.3 and iPadOS 26.3 on February 11, 2026, patching over 40 vulnerabilities, including a critical zero-day in the dyld component actively exploited in targeted attacks. The update addresses CVE-2026-20700, a memory-corruption flaw discovered by Google’s Threat Analysis Group, which enables arbitrary code execution for attackers with memory-write access. Dyld, Apple’s Dynamic Link Editor, handles loading and linking of dynamic libraries across iOS, macOS, and other platforms. This flaw (CVE-2026-20700) stems from improper state management, allowing memory corruption that leads to code execution. Apple notes it was part of “an extremely sophisticated attack against specific targeted individuals” on iOS versions before 26, linking it to prior fixes CVE-2025-14174 and CVE-2025-43529 from December 2025. The attack chain likely begins with initial access possibly via phishing or zero-click exploits gaining memory write privileges before leveraging dyld for persistence or escalation. Targeted victims include high-profile individuals like journalists or activists, consistent with nation-state spyware campaigns such as Pegasus or those attributed to Google’s reports. No public proof-of-concept exists, but Apple’s rapid patching underscores the threat’s severity. Apple 0-Day Vulnerability Exploited Exploitation requires prior compromise, perhaps through WebKit rendering or kernel bugs also patched in this update. Once memory write is achieved, attackers corrupt dyld’s state during library loading, hijacking control flow to execute shellcode. This bypasses mitigations like Pointer Authentication Codes (PAC) or KASLR if chained cleverly, potentially installing persistent spyware for data exfiltration. Apple fixed it with “improved state management,” likely enhancing validation in dyld’s memory allocation and linking phases. Affected devices span iPhone 11+, recent iPad Pros, Airs, and minis billions at risk if unpatched. iOS 26.3 patches 37+ issues across Accessibility (lock screen leaks), Kernel (root escalation), WebKit (DoS/crashes), and Sandbox (breakouts). Notable: CoreServices race conditions for root (CVE-2026-20617/20615), Photos lock screen access (CVE-2026-20642). Credits go to researchers like Jacob Prezant, Trend Micro ZDI, and anonymous finders. This marks Apple’s first 2026 zero-day fix, following seven in 2025, signaling persistent advanced threats. While targeted, public disclosure risks wider abuse; mass-market spyware remains unlikely without remote entry. Users should update immediately via Settings > General > Software Update—automatic installs are enabled by default. Enterprises: enforce MDM policies, monitor for anomalies via Apple Unified Logging. Disable unnecessary features like iPhone Mirroring (patched UI issue CVE-2026-20640). Cybersecurity pros: analyze dyld for similar flaws; watch CISA KEV catalog for mandates. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News Qihoo 360 Leaked Its Own Wildcard SSL Private Key Inside Public AI Installer Cyber Security News Fake FileZilla Downloads Lead to RAT Infections Through Stealthy Multi-Stage Loader Cyber Security News New ACRStealer Variant Uses Syscall Evasion, TLS C2 and Secondary Payload Delivery Top 10 Essential E-Signature Solutions for Cybersecurity in 2026 January 31, 2026 Top 10 Best Data Removal Services In 2026 January 29, 2026 Best VPN Services of 2026: Fast, Secure & Affordable January 26, 2026 Top 10 Best Data Security Companies in 2026 January 23, 2026 Top 15 Best Ethical Hacking Tools – 2026 January 15, 2026