Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices
嗯，用户让我总结这篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”之类的开头。我先快速浏览一下文章。文章主要讲的是苹果公司发布了多个操作系统更新，修复了一个零日漏洞CVE-2026-20700。这个漏洞被描述为dyld组件中的内存腐败问题，可能导致代码执行。谷歌威胁分析组发现了这个漏洞，并且报告给了苹果。苹果还提到了另外两个CVE，CVE-2025-14174和CVE-2025-43529，这两个漏洞已经在去年12月修复了。前者是ANGLE的Metal渲染器中的内存越界访问问题，后者是WebKit中的use-after-free漏洞。更新影响了iOS、iPadOS、macOS Tahoe、tvOS、watchOS和visionOS等多个设备和系统版本。此外，苹果还修复了旧版本操作系统中的其他漏洞。总结一下，我需要把这些关键点浓缩到100字以内。重点包括苹果修复零日漏洞，谷歌发现的，影响多个系统版本，以及另外两个已修复的漏洞。可能的结构是：苹果发布更新修复零日漏洞CVE-2026-20700，该漏洞被谷歌发现并报告；同时修复了其他两个已知漏洞，并影响多个设备系统版本。这样应该可以控制在100字以内。 </think> Apple发布多款操作系统更新修复零日漏洞CVE-2026-20700，该漏洞由Google发现并报告。此漏洞存在于dyld组件中，可能导致代码执行。同时修复了另两个已知漏洞，并影响多设备系统版本。 2026-2-12 05:39:0 Author: thehackernews.com(查看原文) 阅读量:2 收藏

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks.

The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. Successful exploitation of the vulnerability could allow an attacker with memory write capability to execute arbitrary code on susceptible devices. Google Threat Analysis Group (TAG) has been credited with discovering and reporting the bug.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26," the company said in an advisory. "CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report."

It's worth noting that both CVE-2025-14174 and CVE-2025-43529 were addressed by Cupertino in December 2025, with the former first disclosed by Google as having been exploited in the wild. CVE-2025-14174 (CVSS score: 8.8) relates to an out-of-bounds memory access in ANGLE's Metal renderer component. Metal is a high-performance hardware-accelerated graphics and compute API developed by Apple.

CVE-2025-43529 (CVSS score: 8.8), on the other hand, is a use-after-free vulnerability in WebKit that may lead to arbitrary code execution when processing maliciously crafted web content.

The updates are available for the following devices and operating systems -

iOS 26.3 and iPadOS 26.3 - iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
macOS Tahoe 26.3 - Macs running macOS Tahoe
tvOS 26.3 - Apple TV HD and Apple TV 4K (all models)
watchOS 26.3 - Apple Watch Series 6 and later
visionOS 26.3 - Apple Vision Pro (all models)

In addition, Apple has also released updates to resolve various vulnerabilities in older versions of iOS, iPadOs, macOS, and Safari -

iOS 18.7.5 and iPadOS 18.7.5 - iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
macOS Sequoia 15.7.4 - Macs running macOS Sequoia
macOS Sonoma 14.8.4 - Macs running macOS Sonoma
Safari 26.3 - Macs running macOS Sonoma and macOS Sequoia

With the latest development, Apple has moved to address its first actively exploited zero-day in 2026. Last year, the company patched nine zero-day vulnerabilities that were exploited in the wild.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

文章来源: https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html
如有侵权请联系:admin#unsafe.sh