Apple has released a major security update to address a zero-day vulnerability, a security flaw exploited by hackers before a fix is available. This vulnerability was actively used in targeted attacks, meaning the threat was immediate.

The flaw, identified as CVE-2026-20700, impacts multiple Apple operating systems, including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. Experts emphasize that this is a critical update and should not be delayed.

Apple’s latest security updates affect iPhone, iPad, Mac, Apple Watch and Apple TV, so now is the time to check every device you own.

CVE-2026-20700 is a memory corruption vulnerability that could allow an attacker to run arbitrary code on a device. This could lead to spyware, hidden backdoors, or silent device takeovers. Apple confirmed this vulnerability was part of an infection chain combined with previously patched flaws, leaving devices that skipped earlier updates exposed.

Devices requiring an update include:

  • iOS 26.3 and iPadOS 26.3: For iPhone 11 and later, plus newer iPads.
  • iOS 18.7.5 and iPadOS 18.7.5: For iPhone XS, XS Max, XR, and iPad 7th generation.
  • macOS Tahoe 26.3, Sequoia 15.7.4, Sonoma 14.8.4
  • tvOS 26.3: For Apple TV HD and Apple TV 4K.
  • watchOS 26.3: For Apple Watch Series 6 and later.
  • visionOS 26.3: For Apple Vision Pro.
  • Safari 26.3: For supported macOS versions.

An iOS update screen

Updating your iPhone or iPad can be done via Settings > General > Software Update. For Mac, go to the Apple menu > System Settings (or Preferences) > General > Software Update. Apple Watch updates require the device to be on its charger and near your iPhone, accessed through the Watch app. Apple TV updates are found in Settings > System > Software Updates. Safari updates are included with macOS updates.

A macOS update screen

Beyond immediate updates, users are advised to enable automatic updates, restart devices regularly, avoid suspicious links and attachments, and consider using strong antivirus software. Apple threat notifications will never request passwords or verification codes.

A watchOS update screen

While updates can be inconvenient, installing them promptly is the most effective measure to protect devices from active threats. Apple's swift response to patch this vulnerability is noted, but user action is now critical.