Apple Urges Users to Update Devices Immediately After Zero-Day Security Flaw Discovered
Apple releases urgent security updates to fix actively exploited zero-day flaw. Update all devices now via Settings > General > Software Update.
- Apple has released urgent security updates across its entire device range after confirming a zero-day vulnerability is being actively exploited in targeted attacks against iPhone, iPad, Mac, Apple Watch, Apple TV, and Apple Vision Pro users.
The vulnerability, tracked as CVE-2026-20700, is a memory corruption issue that could allow cybercriminals to execute arbitrary code on affected devices. In practical terms, this means an attacker could potentially install spyware or backdoors without the device owner ever noticing.
Apple confirmed the flaw was used as part of an attack chain combined with two earlier vulnerabilities, CVE-2025-14174 and CVE-2025-43529, specifically targeting devices running versions of iOS prior to iOS 26. Those two earlier vulnerabilities were patched in Apple's December 2025 update.
Which devices are affected?
The security updates cover a wide range of Apple products. iOS 26.3 and iPadOS 26.3 are available for iPhone 11 and later, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (8th generation and later), and iPad mini (5th generation and later).
Owners of older devices are also covered: iOS 18.7.5 and iPadOS 18.7.5 have been issued for iPhone XS, iPhone XS Max, iPhone XR, and iPad (7th generation).
Mac users should update to macOS Tahoe 26.3, macOS Sequoia 15.7.4, or macOS Sonoma 14.8.4 depending on their current operating system. Updates are also available for watchOS 26.3 (Apple Watch Series 6 and later), tvOS 26.3 (Apple TV HD and all Apple TV 4K models), visionOS 26.3 (Apple Vision Pro), and Safari 26.3 for Macs running macOS Sonoma or Sequoia.
How to update your devices
On iPhone or iPad, go to Settings, then General, then Software Update. On Mac, click the Apple menu, choose System Settings, select General, then Software Update. For Apple Watch, open the Watch app on your paired iPhone, tap General, then Software Update, ensuring the watch is on its charger. Apple TV users should navigate to Settings, then System, then Software Updates.
Turning on Automatic Updates is strongly recommended for all devices.
Staying safe
Users who have not yet installed Apple's December 2025 update are at particular risk, as the attack chain exploits vulnerabilities addressed in that release alongside the newly discovered flaw. Apple advises users not to open unsolicited links or attachments without verifying their source, and reminds users that genuine Apple threat notifications will never ask them to click links, open files, install apps, or provide passwords or verification codes.
For those who may be considered high-value targets, Apple's Lockdown Mode offers an additional layer of protection.
Further information on the security content of these updates is available at support.apple.com/100100.
