Apple has released a new round of software updates across its ecosystem, delivering security fixes and system improvements for iPhone, iPad, Mac, Apple Watch, Apple TV, and Vision Pro. The release includes iOS and iPadOS 26.3, along with updates for macOS, watchOS, tvOS, visionOS, and Safari
iOS 26.3 and iPadOS 26.3 apply to iPhone 11 and later, along with multiple recent generations of iPad models. According to Apple, the updates address a wide range of security issues spanning memory corruption, privilege escalation, information disclosure, and denial-of-service conditions.
Among the most notable fixes is CVE-2026-20700, a memory corruption vulnerability in dyld, Apple’s dynamic linker. Apple states it is aware of reports indicating that this issue may have been exploited in an “extremely sophisticated attack” targeting specific individuals on versions of iOS prior to iOS 26. The vulnerability was credited to Google’s Threat Analysis Group.
Apple’s advisory documents additional fixes across CoreServices, the kernel, Sandbox, Messages, WebKit, and other subsystems. Several of the resolved issues describe scenarios in which a malicious application could gain elevated privileges, escape sandbox restrictions, or access sensitive user data.
The update also addresses multiple privacy-related issues, including lock-screen behavior and physical-access scenarios where an attacker with access to a locked device could potentially view sensitive information under certain conditions.
In addition to iOS and iPadOS 26.3, Apple issued security updates across nearly all supported platforms on the same day, indicating a coordinated patch cycle. While each platform has its own advisory, many of the fixes address overlapping vulnerability classes, particularly in WebKit and core system components. They include:
- iOS 18.7.5 and iPadOS 18.7.5 for older devices
- macOS Tahoe 26.3
- macOS Sequoia 15.7.4
- macOS Sonoma 14.8.4
- tvOS 26.3
- watchOS 26.3
- visionOS 26.3
- Safari 26.3 for macOS Sonoma and Sequoia
These updates ensure continued security coverage for users on older hardware and across Apple’s broader device lineup.
Affected Devices
The updates apply to the following devices:
- iOS 26.3 and iPadOS 26.3
- iPhone 11 and later iPad Pro 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (8th generation and later)
- iPad mini (5th generation and later)
- iOS 18.7.5 and iPadOS 18.7.5 iPhone XS, XS Max, and XR iPad (7th generation)
- macOS (Tahoe, Sequoia, Sonoma
- watchOS 26.3 (for Apple Watch Series 6 and later)
- tvOS 26.3 for Apple TV HD and Apple TV 4K (all models)
- visionOS 26.3 for Apple Vision Pro (all models)
The February update cycle resolves dozens of CVEs across Apple’s platforms, including issues related to memory corruption, local privilege escalation, sandbox escapes, and information disclosure. The breadth of the release highlights the importance of installing updates across all supported Apple devices, not just iPhones and iPads.
Apple’s full CVE list, affected components, and acknowledgements are available in on the official support post here.
Leave a Reply