The update addresses CVE-2026-20700, a memory-corruption flaw discovered by Google’s Threat Analysis Group, which enables arbitrary code execution for attackers with memory-write access.
Dyld, Apple’s Dynamic Link Editor, handles loading and linking of dynamic libraries across iOS, macOS, and other platforms. This flaw (CVE-2026-20700) stems from improper state management, allowing memory corruption that leads to code execution.
Apple notes it was part of “an extremely sophisticated attack against specific targeted individuals” on iOS versions before 26, linking it to prior fixes CVE-2025-14174 and CVE-2025-43529 from December 2025.
The attack chain likely begins with initial access possibly via phishing or zero-click exploits gaining memory write privileges before leveraging dyld for persistence or escalation.
Targeted victims include high-profile individuals like journalists or activists, consistent with nation-state spyware campaigns such as Pegasus or those attributed to Google’s reports. No public proof-of-concept exists, but Apple’s rapid patching underscores the threat’s severity.
Exploitation requires prior compromise, perhaps through WebKit rendering or kernel bugs also patched in this update. Once memory write is achieved, attackers corrupt dyld’s state during library loading, hijacking control flow to execute shellcode.
This bypasses mitigations like Pointer Authentication Codes (PAC) or KASLR if chained cleverly, potentially installing persistent spyware for data exfiltration.
Apple fixed it with “improved state management,” likely enhancing validation in dyld’s memory allocation and linking phases. Affected devices span iPhone 11+, recent iPad Pros, Airs, and minis billions at risk if unpatched.
iOS 26.3 patches 37+ issues across Accessibility (lock screen leaks), Kernel (root escalation), WebKit (DoS/crashes), and Sandbox (breakouts). Notable: CoreServices race conditions for root (CVE-2026-20617/20615), Photos lock screen access (CVE-2026-20642). Credits go to researchers like Jacob Prezant, Trend Micro ZDI, and anonymous finders.
This marks Apple’s first 2026 zero-day fix, following seven in 2025, signaling persistent advanced threats. While targeted, public disclosure risks wider abuse; mass-market spyware remains unlikely without remote entry.
Users should update immediately via Settings > General > Software Update—automatic installs are enabled by default. Enterprises: enforce MDM policies, monitor for anomalies via Apple Unified Logging.
Disable unnecessary features like iPhone Mirroring (patched UI issue CVE-2026-20640). Cybersecurity pros: analyze dyld for similar flaws; watch CISA KEV catalog for mandates.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Apple 0-Day Vulnerability Actively Exploited in Sophisticated Attack to Target Individuals appeared first on Cyber Security News.
LAWRENCE, Ind. (WOWO) — The Indiana Department of Natural Resources is trying to figure out…
Xbox's Elite 3 controller has leaked ahead of its summer showcase event. Earlier today, Xbox's…
Director Matt Reeves has revealed the full cast for The Batman Part II, confirming several…
Looking for a powerful ebike with the speed and range to meet your ambitious needs?…
Marathon is attempting to broaden its playerbase with new offerings, such as a PVE-only mode.…
A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot…
This website uses cookies.