Apple closes a security gap present in iOS since its version 1.0

Apple has patched a critical vulnerability that has remained undetected in iOS since its first version released in 2007. The security flaw, identified as CVE-2026-20700 and discovered by Google’s Threat Analysis Group, affects dyld, the operating system’s dynamic linker, and allows attackers with memory write capabilities execute arbitrary code on the device.

According to Apple’s security advisory, the company is aware that this vulnerability has been actively exploited in what it describes as “an extremely sophisticated attack against targeted individuals” in versions of iOS prior to iOS 26. The company indicates that the flaw could have been part of a more complex chain of exploits.

A failure in the “gatekeeper” of the system

Brian Milbier, deputy director of information security at Huntress, explained the severity of the problem by comparing dyld to a gatekeeper: “Every application that wants to run must first go through this gatekeeper to be assembled and given permission to start. Typically, the gatekeeper checks credentials and places the apps in a sandbox High security where they cannot touch your private data. This vulnerability allows an attacker to fool the goalkeeper to provide a master key before security checks begin.”

By combining this flaw with WebKit vulnerabilities that Apple also addressed in the iOS 26.3 update, attackers can create a “zero-click” or “one-click” path to full control of the device. Milbier noted that this level of sophistication resembles exploits developed by the commercial surveillance industry, responsible for prominent spyware tools like Pegasus and Predator, which are sold to government customers. The iOS 26.3 update also includes fixes for other flaws that grant root access and disclose sensitive user information, although CVE-2026-20700 is the only one that Apple confirmed to have been actively exploited.