Apple Zero-Day Vulnerability Actively Exploited in Sophisticated Targeted Attacks - cyberpress.org
By AnuPriya
February 12, 2026
Categories: Cyber Security News, Cybersecurity, Vulnerability, Zero-day
Apple has rushed out emergency security updates for iOS and iPadOS to address a critical zero-day vulnerability that is currently under active attack.
Tracked as CVE-2026-20700, this flaw was flagged by Google’s Threat Analysis Group. Apple describes it as part of “extremely sophisticated” cyberattacks targeting specific high-profile individuals, such as activists or journalists.
The Core Problem: A dyld Memory Corruption Flaw
At the heart of this issue sits dyld, Apple’s Dynamic Link Editor, a key system component that loads apps and libraries.
The bug triggers memory corruption, where the system mishandles data storage. This creates a dangerous opening for attackers.
In tech terms, it allows “arbitrary code execution.” Hackers can inject and run malicious code remotely, bypassing safeguards.
Imagine a poisoned app link: clicking it lets attackers install spyware, steal contacts, or snoop on messages without you noticing.
Apple rarely discloses active exploits, but they confirmed this one’s in the wild, possibly chained with older flaws like CVE-2025-14174 and CVE-2025-43529. Attackers likely use a browser entry point to trigger the dyld bug, seizing full device control.
This zero-day hits iPhone 11 and later models, plus iPads like Pro (2018+), Air (3rd gen+), and mini (5th gen+). No older devices escape if running vulnerable iOS/iPadOS versions.
The iOS 26.3 and iPadOS 26.3 updates go further, squashing multiple threats:
| CVE ID | Component | Type | Severity | Description |
|---|---|---|---|---|
| CVE-2026-20700 | dyld | Memory Corruption | Critical | Enables arbitrary code execution; actively exploited. |
| CVE-2025-14174 | WebKit | Use-after-free | High | Browser sandbox escape; chained in attacks. |
| CVE-2025-43529 | Kernel | Privilege Escalation | High | Elevates app access to root level. |
| CVE-2026-20701 | Bluetooth | Denial of Service | Medium | Nearby attackers crash devices. |
| CVE-2026-20702 | Wi-Fi | Traffic Interception | High | Exposes network data. |
| CVE-2026-20703 | Photos | Info Disclosure | Medium | Leaks data on locked devices. |
These patches block kernel root access, fix Bluetooth/Wi-Fi crashes or snooping, and secure Photos/Contacts from unauthorized peeks even on locked screens.
Zero-days like this thrive in spyware campaigns, such as those from nation-state actors. Chaining bugs amplifies damage: one cracks the door, dyld kicks it wide open.
Security firms like Google TAG spotted it via real-world targeting, underscoring the urgency.
Apple urges immediate action. Head to Settings > General > Software Update, tap “Download and Install” for iOS/iPadOS 26.3. Enable auto-updates to stay ahead. No user interaction is needed for the exploit, so unpatched devices remain at risk.
This incident highlights Apple’s cat-and-mouse game with elite hackers. Past zero-days hit NSO Group’s Pegasus; this could signal similar tools. Stay vigilant; updates are your best defense.