Apple patches “sophisticated” zero day attack targeting specific iPhone users

Apple has issued an urgent security update to address what it describes as an “extremely sophisticated” zero day attack targeting specific iPhone users.

The fix arrived with iOS 26.3 and iPadOS 26.3, after the vulnerability was flagged by Google Threat Analysis Group, a division known for tracking state sponsored cyber activity.

In a security advisory, Apple said it is “aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”

What is CVE 2026 20700

The flaw, tracked as CVE 2026 20700, involves a memory corruption issue in Apple’s Dynamic Link Editor, a core system component responsible for loading and linking software libraries within apps.

Apple explained that if an attacker already had the ability to write memory on a device, the flaw could be abused to execute malicious code. That would potentially allow hackers to tamper with the operating system.

On its own, the vulnerability cannot fully compromise an iPhone. However, Apple indicated it was likely used as part of a broader chain of exploits designed to remotely infiltrate targeted devices.

The company linked the issue to two previously undisclosed vulnerabilities, CVE 2025 14174 and CVE 2025 43529, which were patched in December. Those earlier flaws involved the processing of maliciously crafted web content, suggesting the attack vector may have originated from phishing websites or messages.

Possible spyware deployment

While Apple has not confirmed the nature of the campaign, security experts say such exploit chains are often associated with spyware operations. Groups behind these attacks typically focus on a small number of high value targets, including journalists, politicians and human rights advocates, to reduce the likelihood of detection.

Google’s Threat Analysis Group frequently investigates government sponsored cyber activity, reinforcing the possibility that the vulnerability may have been used in targeted surveillance operations.

Apple did not disclose how many users were affected, nor how long the exploit may have been active. However, the advisory suggests attackers were targeting users running older versions of iOS. iOS 26 first launched in September.

Patches beyond iPhone

In addition to iOS and iPadOS, Apple has also released patches addressing CVE 2026 20700 for macOS, visionOS, tvOS and watchOS, signalling that the vulnerability potentially affected multiple platforms within the Apple ecosystem.

To further protect against advanced threats, Apple offers a feature known as Lockdown Mode, designed for individuals who may face targeted attacks. The mode restricts certain device functions and has previously been credited with blocking sophisticated spyware attempts.

How to update

Apple is urging users to update their devices as soon as possible. iPhone and iPad owners can install the patch by navigating to Settings, then General, then Software Update. Devices with automatic updates enabled will install the fix automatically.

While the attack appears to have targeted a limited group of individuals, the incident highlights the continuing evolution of high level cyber threats and the importance of keeping devices updated.

For most users, installing the latest software remains the simplest and most effective defence.

Photo Credit: DepositPhotos.com