iOS 26.3 Fixes an Important Security Flaw Exploited in Targeted Hacker Attacks. Update Now!

Apple has issued an important security update addressing a zero-day vulnerability exploited by hackers in targeted attacks.

Apple updated its entire product lineup this week, rolling out new versions of iOS, iPadOS, macOS, tvOS, watchOS, and visionOS.

In typical fashion, the Cupertino tech titan took the opportunity to address several vulnerabilities recently discovered by security researchers – including a serious flaw said to be exploited by hackers in the wild.

‘Extremely sophisticated attack’

The vulnerability, tracked as CVE-2026-20700, is a memory corruption issue in Dynamic Link Editor (dyld), a component responsible for loading, linking, and preparing dynamic libraries (dylibs) and frameworks at runtime before an application executes its main function.

“An attacker with memory write capability may be able to execute arbitrary code,” according to the advisory. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”

The issue was likely exploited as part of an exploit-chain leveraging two other issues (tracked as CVE-2025-14174 and CVE-2025-43529), where attackers combine multiple, sequential, and interdependent vulnerabilities to achieve a deeper, more comprehensive compromise than a single exploit would have allowed.

iPhone and iPad users running iOS 26 are strongly advised to apply this week’s updates, for peace of mind.

The flaw, discovered and reported by Google’s Threat Analysis Group (TAG), is also addressed on macOS Tahoe, tvOS, watchOS, and visionOS.

Notably, CVE-2026-20700 is the first zero-day vulnerability addressed by Apple this year.

Dozens more issues addressed across the board

In addition to fixing this serious flaw, Apple has addressed dozens more security flaws across its entire product lineup.

As of this week, Apple users want to be on the following software versions:

iOS 26.3 and iPadOS 26.3 – available for iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and newer, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and newer.

iOS 18.7.5 and iPadOS 18.7.5 – available for iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation

macOS Tahoe 26.3 – available for Macs running macOS Tahoe

macOS Sequoia 15.7.4 – available for Macs running macOS Sequoia

macOS Sonoma 14.8.4 – available for Macs running macOS Sonoma

tvOS 26.3 – available for Apple TV HD and Apple TV 4K (all models)

watchOS 26.3 – available for Apple Watch Series 6 and newer

visionOS 26.3 – available for Apple Vision Pro (all models)

Safari 26.3 – for Mac users postponing the full OS update

iOS 26.3 lets you limit collection of location data

iOS 26.3 also includes a privacy enhancement, offering users a feature called ‘Limit Precise Location’ – a way to limit cell networks from collecting precise location data.

“Cellular networks can determine your location based on which cell towers your device connects to,” according to a support doc from the tech behemoth. “The limit precise location setting enhances your location privacy by reducing the precision of location data available to cellular networks.”

“With this setting turned on, some information made available to cellular networks is limited,” Apple explains. “As a result, they might be able to determine only a less precise location — for example, the neighborhood where your device is located, rather than a more precise location (such as a street address).”

Apple assures customers that the setting will not impact signal quality or user experience.

Take ‘exploitable’ security issues seriously!

As we note whenever we report on Apple security updates, issues like CVE-2026-20700 have historically been exploited to deploy spyware on the devices of activists, dissidents, political rivals, human rights advocates, investigative journalists and high-profile figures in general. Fellow Big-Tech players like Google and Meta have been fighting the spyware threat for years.

Even if you’re not a high-risk person, it’s always a good idea to stay up to date with the latest security patches – you never know when you trip a wire and become a target.

For peace of mind, run an independent security solution on all your personal devices. On Apple devices, keep the trusty Lockdown Mode toggle handy if you have reason to believe hackers might target you.

You may also want to read:

Why Don’t You Use a Mobile Security App? We Ask Netizens

Apple Taps Google’s Gemini to Power Siri, Says Privacy Remains a Priority

iOS 26.3 Lets You Limit Collection of Location Data from Cell Towers – Here’s How to Enable It