Apple Patches iOS Zero-Day Exploited in ‘Extremely Sophisticated Attack’

The three zero-day bugs were identified by Apple’s security team and Google’s Threat Analysis Group and their descriptions suggest that they might have been exploited by commercialspywarevendors.On Wednesday, Apple announced that patches for CVE-2026-20700 have been included in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3.The iOS and iPadOS security updates resolve nearly 40 vulnerabilities, while the macOS Tahoe refresh fixes over 50 security defects.The bugs could be exploited for information exposure, denial-of-service (DoS), arbitrary file write, privilege escalation, network traffic interception, sandbox escape, and code execution.For older device models, Apple released iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, and macOS Sonoma 14.8.4, each with patches for over three dozen vulnerabilities.Safari 26.3 was released on Wednesday with fixes for eight security defects, including six affecting the WebKit browser engine.Users are advised to update their devices as soon as possible. Additional information is available on Apple’ssecurity updatespage.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Singapore: Rootkits, Zero-Day Used in Chinese Attack on Major Telecom FirmsRelated:Ivanti Patches Exploited EPMM Zero-DaysRelated:Hackers Targeting Cisco Unified CM Zero-Day

On Wednesday, Apple announced that patches for CVE-2026-20700 have been included in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3.The iOS and iPadOS security updates resolve nearly 40 vulnerabilities, while the macOS Tahoe refresh fixes over 50 security defects.The bugs could be exploited for information exposure, denial-of-service (DoS), arbitrary file write, privilege escalation, network traffic interception, sandbox escape, and code execution.For older device models, Apple released iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, and macOS Sonoma 14.8.4, each with patches for over three dozen vulnerabilities.Safari 26.3 was released on Wednesday with fixes for eight security defects, including six affecting the WebKit browser engine.Users are advised to update their devices as soon as possible. Additional information is available on Apple’ssecurity updatespage.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Singapore: Rootkits, Zero-Day Used in Chinese Attack on Major Telecom FirmsRelated:Ivanti Patches Exploited EPMM Zero-DaysRelated:Hackers Targeting Cisco Unified CM Zero-Day

The iOS and iPadOS security updates resolve nearly 40 vulnerabilities, while the macOS Tahoe refresh fixes over 50 security defects.The bugs could be exploited for information exposure, denial-of-service (DoS), arbitrary file write, privilege escalation, network traffic interception, sandbox escape, and code execution.For older device models, Apple released iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, and macOS Sonoma 14.8.4, each with patches for over three dozen vulnerabilities.Safari 26.3 was released on Wednesday with fixes for eight security defects, including six affecting the WebKit browser engine.Users are advised to update their devices as soon as possible. Additional information is available on Apple’ssecurity updatespage.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Singapore: Rootkits, Zero-Day Used in Chinese Attack on Major Telecom FirmsRelated:Ivanti Patches Exploited EPMM Zero-DaysRelated:Hackers Targeting Cisco Unified CM Zero-Day

The bugs could be exploited for information exposure, denial-of-service (DoS), arbitrary file write, privilege escalation, network traffic interception, sandbox escape, and code execution.For older device models, Apple released iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, and macOS Sonoma 14.8.4, each with patches for over three dozen vulnerabilities.Safari 26.3 was released on Wednesday with fixes for eight security defects, including six affecting the WebKit browser engine.Users are advised to update their devices as soon as possible. Additional information is available on Apple’ssecurity updatespage.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Singapore: Rootkits, Zero-Day Used in Chinese Attack on Major Telecom FirmsRelated:Ivanti Patches Exploited EPMM Zero-DaysRelated:Hackers Targeting Cisco Unified CM Zero-Day

For older device models, Apple released iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, and macOS Sonoma 14.8.4, each with patches for over three dozen vulnerabilities.Safari 26.3 was released on Wednesday with fixes for eight security defects, including six affecting the WebKit browser engine.Users are advised to update their devices as soon as possible. Additional information is available on Apple’ssecurity updatespage.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Singapore: Rootkits, Zero-Day Used in Chinese Attack on Major Telecom FirmsRelated:Ivanti Patches Exploited EPMM Zero-DaysRelated:Hackers Targeting Cisco Unified CM Zero-Day

Safari 26.3 was released on Wednesday with fixes for eight security defects, including six affecting the WebKit browser engine.Users are advised to update their devices as soon as possible. Additional information is available on Apple’ssecurity updatespage.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Singapore: Rootkits, Zero-Day Used in Chinese Attack on Major Telecom FirmsRelated:Ivanti Patches Exploited EPMM Zero-DaysRelated:Hackers Targeting Cisco Unified CM Zero-Day

Users are advised to update their devices as soon as possible. Additional information is available on Apple’ssecurity updatespage.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Singapore: Rootkits, Zero-Day Used in Chinese Attack on Major Telecom FirmsRelated:Ivanti Patches Exploited EPMM Zero-DaysRelated:Hackers Targeting Cisco Unified CM Zero-Day

Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Singapore: Rootkits, Zero-Day Used in Chinese Attack on Major Telecom FirmsRelated:Ivanti Patches Exploited EPMM Zero-DaysRelated:Hackers Targeting Cisco Unified CM Zero-Day

Related:Singapore: Rootkits, Zero-Day Used in Chinese Attack on Major Telecom FirmsRelated:Ivanti Patches Exploited EPMM Zero-DaysRelated:Hackers Targeting Cisco Unified CM Zero-Day

Related:Ivanti Patches Exploited EPMM Zero-DaysRelated:Hackers Targeting Cisco Unified CM Zero-Day

Source: SecurityWeek