Apple dyld Zero-Day (CVE-2026-20700) Added to CISA KEV After Targeted Exploitation
Apple disclosed and patched CVE-2026-20700, a zero-day affecting dyld (Apple’s Dynamic Link Editor) across multiple operating systems (iOS, iPadOS, macOS, tvOS, watchOS, and visionOS). Apple said the issue was exploited in “extremely sophisticated” attacks targeting specific individuals and described the flaw as enabling arbitrary code execution when an attacker already has memory-write capability, indicating use in advanced exploit chains rather than opportunistic mass exploitation.
CISA added CVE-2026-20700 to the Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation and set a remediation due date of 2026-03-05 for U.S. federal civilian agencies under BOD 22-01, while urging all organizations to prioritize patching. The same CISA KEV update also added three other actively exploited vulnerabilities—CVE-2024-43468 (Microsoft Configuration Manager SQL injection), CVE-2025-15556 (Notepad++ WinGUp updater integrity-check weakness), and CVE-2025-40536 (SolarWinds Web Help Desk security control bypass)—but those are separate issues from the Apple dyld zero-day.
Related Entities
Vulnerabilities
Organizations
Sources
Related Stories
Apple Patches Actively Exploited dyld Zero-Day in iOS and Other Platforms
Apple released security updates to address an **actively exploited zero-day** tracked as **CVE-2026-20700**, warning it may have been used in an “extremely sophisticated” attack targeting specific individuals on versions of iOS prior to *iOS 26*. The flaw affects **`dyld` (Apple’s dynamic linker)** and can allow **arbitrary code execution** when an attacker already has **memory write** capability; reporting attributes discovery to **Google’s Threat Analysis Group** and notes it may have been used as part of an exploit chain. Apple shipped fixes across its ecosystem, including *iOS 26.3*, *iPadOS 26.3*, *macOS Tahoe 26.3*, *watchOS 26.3*, *tvOS 26.3*, and *visionOS 26.3*. The same reporting indicates Apple also issued patches tied to the broader report for **CVE-2025-14174** (an out-of-bounds memory access issue in Chrome’s **ANGLE** graphics component on Mac) and **CVE-2025-43529** (a **use-after-free** leading to code execution), and commentary from security practitioners emphasized that enterprise risk is driven by **patch deployment speed**—particularly where updates rely on end users rather than enforced device management.
1 months ago
Apple Zero-Day CVE-2026-20700 Patched Across iOS, macOS, and Other Platforms
Apple released security updates for **CVE-2026-20700**, a **zero-day** in `dyld` (the Dynamic Link Editor) that can enable **arbitrary code execution** when an attacker already has a memory-write capability. Apple said it is aware the issue “may have been exploited” in **extremely sophisticated, targeted attacks** against specific individuals, and credited **Google Threat Analysis Group (TAG)** with discovery. Apple also linked the same incident reporting to two earlier vulnerabilities (**CVE-2025-14174** and **CVE-2025-43529**) that were previously addressed. The fixes were shipped across Apple’s ecosystem, including **iOS/iPadOS**, **macOS** (including *macOS Tahoe*), **tvOS**, **watchOS**, and **visionOS**; impacted device families include iPhone 11 and later and multiple iPad generations, as well as Macs running *macOS Tahoe*. Canadian Centre for Cyber Security guidance echoed Apple’s warning of potential exploitation and urged rapid patching (e.g., **iOS/iPadOS 18.7.5** and **26.3** releases for newer OS lines). Other vendor advisories published in the same period (HPE, Chrome, Intel, Fortinet, Siemens, Dell, CISA ICS, IBM, Red Hat) are unrelated to the Apple zero-day and reflect routine multi-vendor patch activity rather than the specific exploitation event.
1 months ago
CISA Flags Actively Exploited Vulnerabilities in SolarWinds Web Help Desk and Major Platforms
**CISA added multiple vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog**, triggering mandatory remediation timelines for U.S. federal civilian agencies. The newly listed issues include an actively exploited flaw in **SolarWinds Web Help Desk** (`CVE-2025-40536`) with an accelerated patch deadline, alongside additional KEV additions affecting **Apple** platforms (iOS, macOS, tvOS, watchOS, visionOS), **Microsoft** products, and **Notepad++**. Apple stated it was aware of reports the issue “may have been exploited in an extremely sophisticated attack against specific targeted individuals,” with **Google Threat Analysis Group** credited with discovery, underscoring continued targeting of high-value users via mobile/endpoint zero-days. Separate reporting highlighted the broader operational context driving these directives: **Microsoft’s February security update** addressed **59 vulnerabilities**, including **six zero-days under active exploitation**, reinforcing that exploit timelines are compressing and patching is increasingly a “defense sprint.” In parallel, CISA also moved to reduce systemic exposure at the perimeter by ordering agencies to **remove unsupported network edge devices** (e.g., firewalls/routers) within a year, reflecting concern that end-of-support infrastructure and rapidly weaponized vulnerabilities are converging into a persistent, high-impact federal risk.
1 months ago