Apple Patches Exploited Zero Day That Has Been Around For YEARS
Apple has issued patches this week for an exploited zero-day that’s reported to have been in each version of iOS since v1.0, which takes us back to the late 2000s and the first iPhone in 2007.
Apple’s advisory notes: “An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”
Mobile security expert Madhav Benoi, Head of Security Research, Approov, had this to say:
“This attack is a powerful primitive that can be used to run arbitrary code. The good news is that it only affects iOS versions below 26.
“The immediate downside for a victim is complete device compromise. It makes sense that it was used for targeted individuals as for certain political/informational gain, this is a weapon that can be used to gain entryway into targets.
“Users and organizational security teams should patch Apple iPhones immediately, and if they’re still using iOS 18 and haven’t moved to 26, please do as soon as possible. If they’re continuing to run an iOS version below 26, they should just be careful with what apps they install. Keep an eye out if any apps are popping up random things and are asking for permissions that they don’t need. This could be an indicator of compromise.”
Damon Small, Board Member, Xcape, Inc. adds this:
“Apple’s emergency patch for CVE-2026-20700 signifies a rare and concerning development, as the company explicitly warns of an “extremely sophisticated attack,” likely linked to nation-state espionage or commercial spyware. The significant drawback is that even highly controlled mobile ecosystems are vulnerable to advanced exploitation, and targeted individuals may have minimal indication that their devices have been compromised. Discovered by Google’s Threat Analysis Group, this zero-day vulnerability targets the Dynamic Link Editor (dyld), the essential “gatekeeper” responsible for how every application loads and is protected from each other on your device. By compromising this core component, attackers can completely bypass this iOS sandbox, enabling them to execute arbitrary code and silently install persistent surveillance tools.
“The true concern lies in the frightening precision of the exploit chain, which was used in conjunction with previously patched WebKit vulnerabilities to target high-value individuals with “zero-click” efficiency. For any team managing a fleet of Apple devices, this is not a standard update; it’s a critical emergency that necessitates immediate patching to iOS 26.3 or iOS 18.7.5. Individual users need to be concerned as well and should also update immediately.
“Patch fast or get pwned! If your iPhones aren’t on the latest build, assume someone’s already working on the next 0-day.”
If you haven’t updated to iOS 26.3, I’d be doing so ASAP. While you’re at it, you should update the rest of your Apple gear as well, as there are updates for watchOS, macOS and others that were released at the same time. While Apple exploits tend to be used against high-value targets such as human rights campaigners, journalists, and politicians, that could change at any time. Thus, it’s time to patch all the things in order to be safe.
This entry was posted on February 13, 2026 at 8:15 am and is filed under Commentary with tags Apple.