Apple patches actively exploited zero-day in iOS 26.3

Apple patches actively exploited zero-day in iOS 26.3

Apple has released a major security update, patching an actively exploited zero-day vulnerability. The fix is part of the official release of iOS 26.3, iPadOS 26.3, and macOS Tahoe.

The update also includes new features, like more seamless data transfer between iPhone and Android. Other security patches address bugs in Photos, VoiceOver, and Screenshots.

Details on the critical dyld vulnerability

The zero-day, tracked as CVE-2026-20700, is a memory corruption issue in dyld, Apple's Dynamic Link Editor. Apple says the flaw could allow an attacker with memory write capability to execute arbitrary code on a device.

In its security bulletin, Apple stated the vulnerability "may have been exploited in an extremely sophisticated attack against specific targeted individuals." It was used alongside two other known vulnerabilities, CVE-2025-14174 and CVE-2025-43529.

While the highest-risk targets are likely high-profile individuals, Apple recommends all users install the update immediately.

Which devices are affected and updated

The security patch is available for a wide range of iPhones, iPads, and all Macs running macOS Tahoe. The following devices are supported:

• iPhone 11 and later
• iPad Pro 12.9-inch (3rd generation and later)
• iPad Pro 11-inch (1st generation and later)
• iPad Air (3rd generation and later)
• iPad (8th generation and later)
• iPad mini (5th generation and later)

How to install the security update

You should install the update directly through your device's settings. The safest method is to navigate to Settings > General > Software Update.

Apple will never message you with links or attachments to install security fixes. Always use the official Software Update section in your settings to download and install patches.

To ensure you receive critical updates automatically in the future, you can enable automatic updates in the same Software Update menu.