Apple has released security updates to fix a zero-day vulnerability that was exploited in an "extremely sophisticated attack" targeting specific individuals.

Tracked as CVE-2026-20700, the flaw is an arbitrary code execution vulnerability in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS.

Apple's security bulletin warns that an attacker with memory write capability may be able to execute arbitrary code on affected devices.

Apple says it is aware of reports that the flaw, along with the CVE-2025-14174 and CVE-2025-43529 flaws fixed in December, were exploited in the same incidents.

"An attacker with memory write capability may be able to execute arbitrary code," reads Apple's security bulletin.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report."

Apple says Google's Threat Analysis Group discovered CVE-2026-20700. The company did not provide any further details about how the vulnerability was exploited.

Affected devices include:

• iPhone 11 and later
• iPad Pro 12.9-inch (3rd generation and later)
• iPad Pro 11-inch (1st generation and later)
• iPad Air (3rd generation and later)
• iPad (8th generation and later)
• iPad mini (5th generation and later)
• Mac devices running macOS Tahoe

Apple fixed the vulnerability in iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3.

While Apple says the flaw was exploited in targeted attacks, users are advised to install the latest updates to protect their devices.

This is the first Apple zero-day fixed in 2026, with the company fixing seven in 2025.