Apple Patches Three Zero-Day Flaws Exploited in Targeted Attacks

3 unique sources, 5 articles

Summary

Apple has released emergency updates to address a new zero-day vulnerability (CVE-2026-20700) in dyld, which was exploited in sophisticated attacks targeting specific individuals. This flaw, along with two previously disclosed vulnerabilities (CVE-2025-43529 and CVE-2025-14174) in WebKit, was exploited in the same incidents. The flaws can lead to remote code execution and memory corruption when processing maliciously crafted web content. The affected devices include various iPhone and iPad models running versions of iOS before iOS 26, as well as Mac devices running macOS Tahoe. Apple and Google's Threat Analysis Group discovered the vulnerabilities, and Google has also patched the same flaw (CVE-2025-14174) in Google Chrome, indicating coordinated disclosure. While the attacks were highly targeted, users are advised to update their devices promptly to mitigate ongoing risks. With these updates, Apple has now patched nine zero-day vulnerabilities that were exploited in the wild in 2025 and one in 2026.

Timeline

  1. 12.02.2026 03:06 3 articles · 21h ago

    Apple Patches Zero-Day Flaw in dyld Exploited in Targeted Attacks

    Apple has released security updates to fix a zero-day vulnerability (CVE-2026-20700) in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. This flaw, along with two previously disclosed vulnerabilities (CVE-2025-43529 and CVE-2025-14174) in WebKit, was exploited in the same incidents. The affected devices include various iPhone and iPad models running versions of iOS before iOS 26, as well as Mac devices running macOS Tahoe. Apple has fixed the vulnerability in iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3. This is the first Apple zero-day fixed in 2026, with the company fixing seven in 2025. CVE-2026-20700 has been described as a memory corruption issue in dyld. Successful exploitation could allow an attacker with memory write capability to execute arbitrary code on susceptible devices. Google Threat Analysis Group (TAG) has been credited with discovering and reporting the bug.

  2. 13.12.2025 01:23 5 articles · 2mo ago

    Apple Patches Two Zero-Day Flaws in WebKit Exploited in Targeted Attacks

    Apple has released emergency updates to address two zero-day vulnerabilities (CVE-2025-43529 and CVE-2025-14174) in WebKit, which were exploited in sophisticated attacks targeting specific individuals. The flaws, a use-after-free and a memory corruption issue, can lead to remote code execution and memory corruption when processing maliciously crafted web content. The affected devices include various iPhone and iPad models running versions of iOS before iOS 26. Apple and Google's Threat Analysis Group discovered the vulnerabilities, and Google has also patched the same flaw (CVE-2025-14174) in Google Chrome, indicating coordinated disclosure. While the attacks were highly targeted, users are advised to update their devices promptly to mitigate ongoing risks. With these updates, Apple has now patched nine zero-day vulnerabilities that were exploited in the wild in 2025.

Similar Happenings

CVE-2024-37079 in VMware vCenter Exploited in the Wild

CVE-2024-37079, a critical heap overflow flaw in VMware vCenter Server, is being actively exploited in the wild. The vulnerability, patched in June 2024, allows remote code execution via a specially crafted network packet. Broadcom confirmed the active exploitation and advised customers to apply security patches immediately. CISA added the flaw to its KEV catalog, mandating FCEB agencies to secure their systems by February 13, 2026, under BOD 22-01. There are no known workarounds or mitigations, emphasizing the urgency of applying the latest patches.

Cisco Unified Communications RCE Zero-Day Exploited in Attacks

Cisco has patched a critical remote code execution vulnerability (CVE-2026-20045) in its Unified Communications and Webex Calling products, which has been actively exploited in attacks. The flaw, with a CVSS score of 8.2, allows attackers to gain user-level access and escalate privileges to root on affected systems. Cisco has released patches for various versions of the impacted products and urged customers to update immediately. The U.S. CISA has added the vulnerability to its KEV Catalog, requiring federal agencies to patch by February 11, 2026.

Active Exploitation of Unpatched Cisco AsyncOS Zero-Day in SEG and SEWM Appliances

Cisco has identified an unpatched, critical zero-day vulnerability (CVE-2025-20393) in AsyncOS, affecting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. The flaw is actively exploited by a Chinese threat group, UAT-9686, to deploy backdoors and other malware. The attacks have been ongoing since at least late November 2025. Cisco has released security updates for the vulnerability and recommends securing and restricting access to vulnerable appliances. The vulnerability allows threat actors to execute arbitrary commands with root privileges and deploy tools like AquaShell, AquaTunnel, Chisel, and AquaPurge. CISA has added CVE-2025-20393 to its Known Exploited Vulnerabilities (KEV) catalog, requiring FCEB agencies to apply mitigations by December 24, 2025. Additionally, GreyNoise detected a coordinated campaign targeting enterprise VPN infrastructure, including Cisco SSL VPN and Palo Alto Networks GlobalProtect portals.

Multiple Critical Vulnerabilities Exploited in Popular Software

Multiple critical vulnerabilities in widely used software, including Apple products, .NET applications, WinRAR, and React, are being actively exploited by threat actors. These flaws allow for arbitrary code execution, remote code execution (RCE), and other malicious activities. The vulnerabilities affect a broad range of users and systems, necessitating immediate updates and patches. The exploits target various vectors, including memory corruption, path traversal, and design flaws in cryptographic keys. The affected software includes Apple's iOS, iPadOS, macOS, Safari, .NET applications, WinRAR, and React. The impact of these vulnerabilities is significant, as they enable attackers to execute arbitrary code, gain unauthorized access, and compromise sensitive data. The urgency of these updates is underscored by the active exploitation of these flaws, with some attacks occurring before fixes were available. Users are advised to install the necessary updates promptly to mitigate the risks.

Eighth Chrome Zero-Day Vulnerability Patched in 2025

Google has released an emergency update to fix a high-severity zero-day vulnerability (466192044) in Chrome, marking the eighth such flaw exploited in attacks in 2025. The vulnerability, a buffer overflow in ANGLE's Metal renderer, affects Chrome versions for Windows, macOS, and Linux. Google has not disclosed further details, including the CVE ID, as the issue remains under coordination. The flaw could lead to memory corruption, crashes, sensitive information leaks, and arbitrary code execution. Users are advised to update their browsers to versions 143.0.7499.109 for Windows and Linux, and 143.0.7499.110 for macOS. This update also addresses two additional medium-severity vulnerabilities (CVE-2025-14372 and CVE-2025-14373). Additionally, Google has released patches for three new Chrome zero-day vulnerabilities, including a high-severity one for which an exploit is accessible in the wild. The high-severity zero-day is referred to only by Google's internal tracker ID, 466192044, with no CVE attributed at this stage. The status of the vulnerability is marked as 'Under coordination.' Access to the details of a vulnerability may be kept restricted until a majority of users are updated with a fix.