Apple Fixes Critical iOS Vulnerability Present Since Version 1.0
Apple has patched a critical vulnerability that had gone unnoticed in iOS since its very first version released in 2007. The security flaw, identified as CVE-2026-20700 and discovered by Google’s Threat Analysis Group, affects dyld, the operating system’s dynamic linker. It allows attackers with memory write access to execute arbitrary code on the device.
According to Apple’s security advisory, the company is aware that this vulnerability was actively exploited in what it described as “an extremely sophisticated attack against specific targeted individuals” on versions of iOS prior to iOS 26. Apple also stated that the flaw may have been part of a more complex exploit chain.
Apple Patches Long-Standing iOS Security Flaw
Brian Milbier, Deputy CISO at Huntress, explained the seriousness of the issue by comparing dyld to a doorman (via The Register):
“Think of dyld as the doorman for your phone. Every single app that wants to run must first pass through this doorman to be assembled and given permission to start. Usually, the doorman checks credentials and places apps in a high-security ‘sandbox’ where they can’t touch your private data. This vulnerability allows an attacker to trick the doorman into handing over a master key before security checks even begin.”
By combining this flaw with WebKit vulnerabilities that Apple also addressed in the iOS 26.3 update, attackers could create a “zero-click” or “one-click” path to full device control. Milbier noted that this level of sophistication resembles exploits developed by the commercial surveillance industry, known for spyware tools such as Pegasus and Predator, which are sold to government clients.
The iOS 26.3 update also includes fixes for other vulnerabilities that could grant root access or expose sensitive user information. However, CVE-2026-20700 is the only flaw that Apple confirmed had been actively exploited in real-world attacks.