Apple Patches Actively Exploited Flaw, Over 90 Vulnerabilities in macOS, iOS, and iPadOS in February 2026 Security Updates
Take action: Time to update your Apple devices. Prioritize iOS 26 devices, especially if you are a journalist or active in economy and policy - those are the first ones targeted by state actors to take control of mobile phones. Then all the rest of devices. Even if you are not a high profile target, update because hackers will learn to exploit the same flaws, so it will be open season on every vulnerable device.
Learn More
On February 11, 2026, Apple releasedsecurity updates spanning macOS Tahoe 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5.
Collectively, these updates address over 90 security vulnerabilities in the kernel, WebKit, CoreServices, ImageIO, Wi-Fi, Sandbox, Spotlight, and many others. The most critical fix targets an actively exploited zero-day flaw in dyld, Apple's Dynamic Link Editor — a system component responsible for loading dynamic libraries into memory.
The actively exploited vulnerability is tracked as CVE-2026-20700 (CVSS score 9.8), a memory corruption issue in dyld that allows an attacker with memory write capability to execute arbitrary code on affected devices.
Apple has acknowledged that this flaw may have been exploited in an "extremely sophisticated attack against specific targeted individuals" on versions of iOS prior to iOS 26. The vulnerability was discovered and reported by Google's Threat Analysis Group (TAG), a team that primarily tracks state-sponsored threat actors and commercial spyware vendors, suggesting the attacks may have been carried out by nation-state actors or advanced surveillance operators targeting high-value individuals such as politicians, journalists, or dissidents.
CISA has added CVE-2026-20700 to its Known Exploited Vulnerabilities catalog confirming active exploitation.
Beyond the zero-day, the updates resolve a significant number of additional vulnerabilities across all platforms. The key CVEs addressed across the updates include:
- CVE-2026-20700 — Memory corruption in dyld enabling arbitrary code execution (actively exploited zero-day)
- CVE-2026-20617 — Race condition in CoreServices allowing apps to gain root privileges
- CVE-2026-20615 — Path handling issue in CoreServices enabling root privilege escalation
- CVE-2026-20626 — Kernel flaw allowing malicious apps to gain root privileges
- CVE-2026-20671 — Logic issue in Kernel and libnetcore allowing network traffic interception
- CVE-2026-20667 — Logic issue in libxpc enabling sandbox escape
- CVE-2026-20628 — Permissions issue in Sandbox enabling sandbox escape
- CVE-2026-20621 — Memory handling issue in Wi-Fi causing system termination or kernel memory corruption
- CVE-2026-20611 — Out-of-bounds access in CoreAudio leading to app termination or memory corruption
- CVE-2026-20609 — Memory handling issue in CoreMedia leading to denial-of-service or memory disclosure
- CVE-2026-20660 — Path handling issue in CFNetwork allowing remote arbitrary file writes
- CVE-2026-20620 — Out-of-bounds read in GPU Drivers allowing system termination or kernel memory read
- CVE-2026-20634 / CVE-2026-20675 — ImageIO flaws leading to disclosure of process memory and user information
- CVE-2026-20652 / CVE-2026-20608 / CVE-2026-20644 / CVE-2026-20636 / CVE-2026-20635 — WebKit vulnerabilities causing denial-of-service or unexpected process crashes
- CVE-2026-20676 — WebKit issue allowing websites to track users through Safari web extensions
- CVE-2026-20616 — Out-of-bounds write in Model I/O when processing crafted USD files
- CVE-2026-20606 — UIKit flaw allowing apps to bypass Privacy preferences
- CVE-2026-20614 — Path handling issue in Remote Management enabling root privilege escalation
- CVE-2026-20658 — Package validation issue in Security enabling root privilege escalation (macOS Tahoe)
- CVE-2026-20650 — Bluetooth denial-of-service via crafted packets (macOS Tahoe, iOS 26.3)
- CVE-2026-20677 — Race condition in Messages enabling shortcuts to bypass sandbox restrictions
- CVE-2025-59375 — Denial-of-service vulnerability in the open-source libexpat library
- CVE-2025-43533 / CVE-2025-46300 through CVE-2025-46305 — Multi-Touch flaws discovered by Google Threat Analysis Group causing process crashes via malicious HID devices
Devices that can be updated to the latest version are iPhone 11 and later, iPhone XS, iPhone XS Max, iPhone XR, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), iPad (8th generation and later), iPad mini (5th generation and later), and all Mac devices running macOS Tahoe, Sequoia, or Sonoma.
Apple strongly advises all users to update their devices immediately to the latest available software versions iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sequoia 15.7.4, or macOS Sonoma 14.8.4.
Users on older devices that cannot run iOS 26 should update to iOS 18.7.5 and iPadOS 18.7.5.
