Apple has issued updates for its iPhone, iPad and Mac operating systems after finding that a previously unknown flaw was used in an “extremely sophisticated” attack.
The issue, tracked as CVE-2026-20700, exploits a memory corruption issue in dyld, the Dynamic Link Editor used by a range of Apple devices, to allow an attacker with memory-write capability to execute arbitrary code, Apple said.
Zero-day flaw
It said Google Threat Analysis Group discovered the issue, which Apple said was used along with two other previously patched flaws to carry out attacks on specific people.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26,” Apple said in an advisory.
Apple said the patches it issued in December for the two other flaws, tracked as CVE-2025-14174 and CVE-2025-43529, were created in response to the same report.
Phone hacking
This indicates that the newly fixed bug was left unpatched for several weeks.
Apple has in the past taken issue with Google over reports of threats to iPhone users that it felt were overstated.
Surveillance firms such as NSO Group typically use zero-day flaws to install their software on smartphones, including iPhones.
