CVE-2026-20700 – Apple dyld Memory Corruption Vulnerability

CVSS 7.8 IMPORTANT

“This patch closes a zero-day that was already being used in highly targeted attacks to run malicious code on Apple devices.”

Apple released security updates to address CVE-2026-20700, a memory corruption vulnerability with a CVSS score of 7.8 in dyld, the Dynamic Link Editor used across iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. The issue could allow an attacker with memory write capabilities to execute arbitrary code on a vulnerable device. Because dyld operates at a low system level, successful exploitation could allow installation of spyware, persistent malware, or other malicious payloads with elevated privileges.

Apple confirmed that this vulnerability was actively exploited in extremely sophisticated, targeted attacks before the patch was released, making it a true zero-day. This significantly raises the severity and real-world impact. While an official CVSS score has not been publicly confirmed, the nature of the vulnerability and confirmed exploitation indicate high to critical risk. There is no publicly available proof-of-concept exploit code at this time.

The fix is included in the latest versions of iOS, iPadOS, macOS, tvOS, watchOS, and visionOS in release 26.3, as well as supported older operating system branches.

Key Details

Affected Product: Apple iPadOS
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
CWE Classification: CWE-119