Apple Security Updates Address Multiple Vulnerabilities Including an In-the-Wild Exploited Memory Corruption Flaw
Apple issued security updates across its ecosystem to address multiple vulnerabilities affecting iOS, iPadOS, macOS, tvOS, watchOS, and visionOS, with impacts including remote code execution (RCE), denial of service, elevation of privilege, information disclosure, data manipulation, and security restriction bypass. HKCERT highlighted CVE-2026-20700 as a high-risk issue and noted it is being exploited in the wild; the flaw is described as an improper restriction of operations within the bounds of a memory buffer that could allow arbitrary code execution when an attacker has memory-write capability.
Apple’s iOS 26.3 and iPadOS 26.3 security content includes fixes for issues that could expose sensitive information on a locked device (e.g., CVE-2026-20645 and CVE-2026-20674) and a Bluetooth-related denial-of-service condition where a privileged network attacker could trigger DoS using crafted packets (CVE-2026-20650). The updates apply to iPhone 11 and later and a range of supported iPad models, and Apple reiterated its policy of publishing details after patches are available.
Timeline
Feb 13, 2026
HKCERT publishes bulletin on multiple Apple product vulnerabilities
HKCERT issued a security bulletin warning about multiple vulnerabilities affecting Apple products, reflecting and amplifying the vendor's February 2026 disclosures. The bulletin did not introduce a separate incident but documented the broader security impact for defenders.
Feb 11, 2026
Apple discloses targeted exploitation of CVE-2026-20627
In the iOS 26.3 and iPadOS 26.3 security advisory, Apple said it was aware of a report that CVE-2026-20627 may have been exploited in an "extremely sophisticated" targeted attack against specific individuals on iOS versions prior to iOS 26. Apple also said CVE-2025-14174 and CVE-2025-43529 were issued in response to that same report.
Feb 11, 2026
Apple releases iOS 26.3 and iPadOS 26.3 security updates
Apple published security updates for iPhone 11 and later and multiple iPad models, fixing numerous vulnerabilities affecting privacy, sandboxing, privilege escalation, memory safety, denial of service, and network security. The advisory also noted fixes for issues that could expose sensitive information on locked devices or enable arbitrary file writes, crashes, sandbox escape, or root privilege escalation.
Jan 22, 2024
Apple patches CVE-2024-27791 in multiple operating systems
Apple addressed CVE-2024-27791, a high-severity out-of-bounds write in Apple PMP Firmware via the ApplePMPv2 writeDashboard interface, affecting iOS, iPadOS, macOS Monterey, macOS Ventura, macOS Sonoma, and tvOS before the January 22, 2024 fixes. The flaw could let an app corrupt Power Management Processor shared memory and trigger PMP panics, Data Aborts, SError exceptions, and ApplePMGR panics; Apple credited Pan Zhenpeng of STAR Labs SG and said it fixed the issue with improved validation.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Sources
Related Stories
Apple Patches Actively Exploited dyld Zero-Day in iOS and Other Platforms
Apple released security updates to address an **actively exploited zero-day** tracked as **CVE-2026-20700**, warning it may have been used in an “extremely sophisticated” attack targeting specific individuals on versions of iOS prior to *iOS 26*. The flaw affects **`dyld` (Apple’s dynamic linker)** and can allow **arbitrary code execution** when an attacker already has **memory write** capability; reporting attributes discovery to **Google’s Threat Analysis Group** and notes it may have been used as part of an exploit chain. Apple shipped fixes across its ecosystem, including *iOS 26.3*, *iPadOS 26.3*, *macOS Tahoe 26.3*, *watchOS 26.3*, *tvOS 26.3*, and *visionOS 26.3*. The same reporting indicates Apple also issued patches tied to the broader report for **CVE-2025-14174** (an out-of-bounds memory access issue in Chrome’s **ANGLE** graphics component on Mac) and **CVE-2025-43529** (a **use-after-free** leading to code execution), and commentary from security practitioners emphasized that enterprise risk is driven by **patch deployment speed**—particularly where updates rely on end users rather than enforced device management.
1 months ago
Apple Fixes Broad Set of iOS, macOS, and visionOS Vulnerabilities
Apple released a wide-ranging set of security updates across **iOS**, **iPadOS**, **macOS Tahoe**, **watchOS**, **tvOS**, **visionOS**, **Safari**, and **Xcode**, addressing more than 85 vulnerabilities across core components including the kernel, WebKit, AirPlay, Keychain, and open-source libraries. The updates fix issues that could enable traffic interception, kernel state disclosure, user fingerprinting, installed-app enumeration, Mail privacy bypasses, exposure of deleted Notes content, and crashes from out-of-bounds writes. Apple said it had no reports of in-the-wild exploitation for the vulnerabilities listed in the release notes, but urged users to update, with particular importance for older devices and managed macOS environments. Among the patched flaws is **`CVE-2024-27828`**, a high-severity memory-handling bug in **IOSurfaceRoot** that could let a local app trigger a kernel panic or execute arbitrary code with kernel privileges. STAR Labs said the issue stemmed from a reference count leak in `IOSurfaceRootUserClient::s_create_shared_event`, where repeated calls with crafted input could corrupt memory handling; the flaw affected iOS and iPadOS before 17.5, tvOS before 17.5, watchOS before 10.5, and visionOS before 1.2. Apple addressed the bug through improved memory handling, adding it to a broader pattern of fixes spanning both current and legacy Apple platforms.
1 weeks ago
Apple iOS/iPadOS Security Updates and CVE Fixes Across Multiple Releases
Apple published security advisories detailing vulnerability fixes across multiple iOS and iPadOS versions, including iOS/iPadOS **16.7**, **17.2**, **18.1**, **18.3**, **26.1**, and **26.2**. The advisories describe a range of impacts such as sandbox escapes (including Web Content sandbox breakout), privacy issues where apps could access or expose sensitive user data via insufficient log redaction, file-system modification via temporary-file handling, and memory-safety flaws (e.g., out-of-bounds reads, type confusion, and bounds-checking issues) that could lead to crashes or memory corruption. Apple attributes fixes to changes like improved protocol handling, cache handling, input validation, and additional permission restrictions, and references issues by **CVE** where available. Several advisories also highlight device-state and authentication/logic weaknesses: iOS/iPadOS 18.3 includes a case where an attacker with physical access to an **unlocked** device could access Photos while the app is locked (`CVE-2025-24141`), while iOS/iPadOS 18.1 includes a lock-screen exposure issue (`CVE-2024-44274`) and a Shortcuts-related path-handling flaw that could allow arbitrary shortcut execution without user consent (`CVE-2024-44255`). The iOS/iPadOS 26.x advisories include privacy and permission issues (e.g., identifying installed apps, screenshots of sensitive embedded views), potential kernel memory corruption/system termination conditions, and logic/UI issues affecting security posture (e.g., passcode requirement timing after Face ID enrollment restore scenarios and potential FaceTime caller ID spoofing), with multiple findings credited to external researchers and teams (including Google Project Zero, ByteDance IES Red Team, and others).
1 months ago