/pcq/media/agency_attachments/2025/02/06/2025-02-06t100846387z-pcquest-new-logo-png.png){kind=logo}
/pcq/media/member_avatars/2024-08-28t070132803z-img_7046.jpg )
Follow Us/pcq/media/media_files/2026/02/12/apple-zero-day-2026-ios-2026-02-12-20-08-21.jpg)
If you received an alert this week indicating that there’s a new iOS 26.3 security update, it’s a good idea to take action on it. Apple has recently patched its first Apple zero-day vulnerability of 2026 (CVE-2026-20700) in the form of a security exploit being used for incredibly sophisticated targeted attacks this vulnerability affects all versions of iOS, iPadOS, macOS Tahoe 26.3, watchOS, tvOS and visionOS.
Yes, iOS 26.3 is safe to trust and install. Most importantly, be sure to do it immediately!
What is CVE-2026-20700 and why should you care
The problem lies within dyld - Apple's much relied upon Dynamic Link Editor. This fundamental piece of software is what lets your apple devices load library's in the background. It was discovered by security researchers at Google's Threat Analysis Group.
CVE-2026-20700 is nothing to sneeze at it's a nasty memory corruption bug that can potentially be exploited by attackers who already have write access to system memory. To put it bluntly that can open the door to some pretty nasty stuff - think spyware, and long-term malware that's hard to get rid of.
Apple has said the exploit was specifically used against "a number of individuals who were looking at using older versions of iOS. That sort of language doesn't usually get bandied about unless there's a very targeted bunch of people at the end of the spear.
While the majority of users were not the direct target of this attack, when a zero-day exploit like this gets out the copycats start to show up. So its essential that you get the patch as soon as you can.
Its part of a bigger story
The fix for CVE-2026-20700 also wrapped up two other bugs that were patched back in December 2025
- CVE-2025-14174 - ANGLE's Metal renderer had a flaw with accessing memory in the wrong place (CVSS 8.8).
- CVE-2025-43529 - there was a use-after-free bug in WebKit that let hackers execute code via some dodgy web content (CVSS 8.8).
It's a common pattern for security experts to see - WebKit bugs get used to get in the door - then deeper system flaws get exploited to give the hackers more control of the system.
Apple says that they sorted out the issue by improving how dyld handles state
Who needs to patch up right now
If you are running:
- iOS 26.3 and iPadOS 26.3 - that's iPhone 11 and newer models.
- macOS Tahoe 26.3
- watchOS 26.3
- tvOS 26.3
- visionOS 26.3
You can install the latest software. Older supported devices got some security upgrades too, including iOS 18.7.5 and 14.8.4 for macOS Sonoma.
Just head over to Settings > General > Software Update to get the latest fix.
How to Check If You're At a Higher Risk of Being Targeted
Apple does let users know if they happen to be on the radar of state sponsored hackers.
Working journalists, activists, top executives or someone in the public eye might want to think about turning on Lockdown Mode in their Privacy & Security settings - this reduces the amount of risk by limiting some web tech and attachments.
If you're a company based in India or the US, keeping an eye on advice from agencies like CERT-In and CISA can add yet another layer of protection.
Does the iOS 26.3 Update Slow Down Your Phone?
There is no sign from Apple that the iOS 26.3 security update will make your iPhone run any slower. When you're just getting security patches without any system changes, that's pretty much the point.
The likelihood is that the real risk is putting off that update.
Zero-day exploits don't come up that often but when they do they can be particularly nasty - Apple fixed 9 of them in 2025, and the first one to be widely exploited this year, CVE-2026-20700, is a good example.
So in the end it comes down to this: update as soon as you can. Closing those security gaps before the bad guys can widen them is what security patches are all about.
More For You
What agent-driven AI means for network and security design
AI agent skills are quietly becoming a major security risk
Gemini could soon let users carry chat history across AI platforms
Are Hackers Targeting Windows First While Macs Fly Under the Radar in India?
Your AI assistant has full access to your life and that should worry you