Apple has released security updates for all of its major platforms — iPhone, iPad, Mac, Apple Watch, Apple TV, and Apple Vision Pro — to fix a zero-day vulnerability that was already being used in real attacks. The flaw, tracked as CVE-2026-20700, lives in dyld, the low-level program loader that every Apple device uses to start apps. An attacker who exploits it can run their own code on a victim’s device without the owner ever knowing.
Google’s Threat Analysis Group discovered and reported the bug. Apple says the attacks were “extremely sophisticated” and targeted specific individuals — not broad sweeps. Even so, the vulnerability now has a public spotlight, which typically accelerates attempts to use it more widely. Researchers also confirmed it was part of the same attack chain as two earlier WebKit flaws fixed last December (CVE-2025-14174 and CVE-2025-43529). Updating to iOS 26 closes the door on all three.
How to check if you’re affected
Affected devices include any iPhone, iPad, Mac, Apple Watch, Apple TV, or Vision Pro running software versions older than the iOS 26 / macOS 26 release family.
- iPhone / iPad: Open Settings → General → Software Update. If it shows iOS 26 (or a later 26.x update), you’re protected. Install immediately if it shows a pending update.
- Mac: Go to System Settings → General → Software Update. Install macOS 26 or the latest available security update.
- Apple Watch, Apple TV, Vision Pro: Check for updates in their respective Settings → General → Software Update menus.