Tech
Apple Patches Decade-Old IOS Zero-Day, Possibly Exploited By Commercial Spyware
This week Apple patched iOS and macOS against what it called “an extremely sophisticated attack against specific targeted individuals.”
Security Week reports that the bugs “could be exploited for information exposure, denial-of-service (DoS), arbitrary file write, privilege escalation, network traffic interception, sandbox escape, and code execution.”
Tracked as CVE-2026-20700, the zero-day flaw is described as a memory corruption issue that could be exploited for arbitrary code execution… The tech giant also noted that the flaw’s exploitation is linked to attacks involving CVE-2025-14174 and CVE-2025-43529, two zero-days patched in WebKit in December 2025…
The three zero-day bugs were identified by Apple’s security team and Google’s Threat Analysis Group and their descriptions suggest that they might have been exploited by commercial spyware vendors… Additional information is available on Apple’s security updates page.
Brian Milbier, deputy CISO at Huntress, tells the Register that the dyld/WebKit patch “closes a door that has been unlocked for over a decade.”
Thanks to Slashdot reader wiredmikey for sharing the article.