Threats SHARE Apple Patches Actively Exploited Zero-Day Flaw Apple patched an exploited zero-day enabling code execution and urges immediate updates. Written By Ken Underhill Feb 12, 2026 eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More Apple is urging users to update immediately after patching a zero-day vulnerability that was exploited in what it described as “extremely sophisticated” attacks against specific individuals. The flaw, which impacts multiple Apple operating systems, allowed attackers to execute arbitrary code on vulnerable devices. “An attacker with memory write capability may be able to execute arbitrary code,” said Apple in its security advisory. What to Know About CVE-2026-20700 The vulnerability is tracked as CVE-2026-20700 . It affects dyld , which is Apple’s Dynamic Link Editor. Dyld is a core component responsible for loading and linking executable code across iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. Because dyld operates at a foundational level within the operating system, a flaw in this component carries significant risk. Apple classified the issue as an arbitrary code execution vulnerability and warned that an attacker with memory write capability could exploit it to run malicious code on an affected device. In practical terms, successful exploitation could allow threat actors to execute payloads with elevated privileges, potentially enabling spyware deployment, data theft, or further privilege escalation as part of a broader attack chain. Apple confirmed that CVE-2026-20700 was exploited in the same incidents as two previously patched vulnerabilities, CVE-2025-14174 and CVE-2025-43529 , suggesting the possibility of exploit chaining. Apple confirmed that all three CVEs were exploited in targeted attacks, but did not elaborate on who was targeted, nor how they were stacked for the attack chain. The vulnerability affects a broad range of devices, including iPhone 11 and later models; iPad Pro (3rd generation and later); iPad Air (3rd generation and later); iPad (8th generation and later); iPad mini (5th generation and later); and Mac systems running macOS Tahoe. Apple has released patches for the vulnerability. Advertisement Reducing Mobile Endpoint Risk While applying patches is the most immediate priority, organizations should also implement additional controls to reduce exposure and manage risk. Mobile devices can store sensitive business data and support authentication workflows, which increases their importance in the enterprise environment. Patch all affected Apple devices immediately and enforce compliance through MDM with defined rapid patch SLAs. Implement conditional access policies that block outdated or unmanaged devices and require device health attestation before granting access to corporate resources. Deploy mobile threat defense and endpoint monitoring tools to detect exploit behavior, suspicious configuration changes, and anomalous network activity. Harden high-value accounts and devices by enforcing MFA , least privilege access, and enabling enhanced protections such as Lockdown Mode where appropriate. Segment mobile access to critical systems using zero trust principles to limit lateral movement if a device is compromised. Audit third-party app permissions and restrict unnecessary privileges , unmanaged browsing, and configuration profile installations to reduce post-exploitation persistence opportunities. Regularly test incident response plans through tabletop exercises that include mobile zero-day and targeted attack scenarios. These measures help reduce blast radius and strengthen mobile security posture. Apple’s latest zero-day patch reinforces that mobile devices must be managed as Tier 1 enterprise assets within the overall risk program. Even when exploitation is described as targeted, security teams should assume the potential for broader exposure and prioritize rapid remediation. Enforcing patch SLAs, layered technical controls, and continuous telemetry across mobile endpoints helps reduce operational risk and limit blast radius. To further reduce mobile and endpoint risk, organizations can adopt zero-trust solutions that enforce continuous verification and tightly controlled access across users, devices, and applications. Ken Underhill Ken Underhill is an award-winning cybersecurity professional, bestselling author, and seasoned IT professional. He holds a graduate degree in cybersecurity and information assurance from Western Governors University and brings years of hands-on experience to the field. Recommended for you... Threats 260K Users Exposed in AI Extension Scam Fake AI Chrome extensions exposed 260,000 users by using remote iframes to extract data and maintain persistent access. Ken Underhill Feb 13, 2026 Threats Malicious Chrome Extensions Hijack 500,000 VK Accounts in Stealth Campaign Malicious Chrome extensions hijacked over 500K VK ac