Feb 12, 2026 · 5 min read
Apple Patches Zero Day Used in "Extremely Sophisticated" Targeted Attacks
A vulnerability in Apple's core system loader was exploited alongside two other zero days to compromise specific individuals. Google's Threat Analysis Group discovered the flaw.
What Apple Patched
Apple released emergency security updates on February 11, 2026, patching CVE-2026-20700, an arbitrary code execution vulnerability in dyld, the dynamic link editor that loads libraries across every Apple operating system. An attacker with memory write capability could exploit this flaw to execute arbitrary code on a target device.
Apple's security bulletin noted the vulnerability was used alongside two previously disclosed zero days, CVE-2025-14174 and CVE-2025-43529, in a coordinated exploit chain. The company described the attacks as "extremely sophisticated" and confirmed they targeted "specific individuals" running older versions of iOS.
Who Found It
Google's Threat Analysis Group (TAG), the team that tracks state sponsored hacking operations and advanced persistent threats, discovered the vulnerability. TAG's involvement strongly suggests this was not a run of the mill exploit. The group focuses on attacks by nation state actors, and its discoveries frequently involve spyware vendors or government backed hackers.
Apple has not disclosed who was targeted or which threat actor was responsible. The phrase "extremely sophisticated" in Apple's advisory language typically refers to exploits developed by commercial spyware companies like NSO Group, Intellexa, or similar operations that sell hacking tools to governments.
What Devices Are Affected
The vulnerability affects a broad range of Apple hardware:
- iPhone 11 and later
- iPad Pro 12.9 inch (3rd generation and later)
- iPad Pro 11 inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (8th generation and later)
- iPad mini (5th generation and later)
- Mac devices running macOS Tahoe
- Apple TV and Apple Watch
- Apple Vision Pro
Patches are available in iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3.
Why "Targeted" Doesn't Mean You're Safe
When Apple says an exploit was used against "specific targeted individuals," it's easy to assume you're not at risk. That's a dangerous assumption. Here's why:
- Exploit code spreads. Once a vulnerability is publicly known and patched, the technical details often emerge. Attackers who weren't behind the original campaign can reverse engineer the patch to develop their own exploits targeting unpatched devices.
- Targeting criteria can expand. Spyware operations that begin with journalists and dissidents frequently expand to broader targets over time as the tools become more accessible.
- Chained vulnerabilities compound risk. This zero day was used with two others. Even after patching one, unpatched systems remain vulnerable to the chain's other components.
Update Now
On iPhone and iPad, go to Settings > General > Software Update and install the latest version. On Mac, go to System Settings > General > Software Update. Don't postpone it. Zero day exploits that are actively being used in the wild represent an immediate risk, and the window between public disclosure and widespread exploitation is shrinking.
If you're in a high risk category, such as a journalist, activist, researcher, or government employee, also consider enabling Apple's Lockdown Mode, which disables features commonly exploited in targeted attacks. It reduces functionality but significantly shrinks the attack surface.
The Bigger Pattern
This is Apple's first zero day patch of 2026, following seven in 2025. The consistent discovery of actively exploited iOS vulnerabilities, often found by Google's TAG, points to a thriving market for iPhone exploits. Commercial spyware vendors pay millions for reliable iOS exploit chains, and the demand shows no signs of declining.
For users, the takeaway is simple: keep automatic updates enabled, assume that every delay in patching is a window of exposure, and treat your phone as the most sensitive device you own, because for most people, it is.