Apple Releases Security Updates for iOS and iPadOS

CVE-2026-20700 is under active exploitation and could lead to arbitrary code execution

Threat ID:: CC-4745
Threat Severity:: Medium
Published:: 12 February 2026 3:09 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

CVE-2026-20700 is under active exploitation and could lead to arbitrary code execution

Affected platforms

The following platforms are known to be affected:

iOS

all versions prior to 26.3

iPadOS

all versions prior to 26.3

Threat details

Active exploitation of CVE-2026-20700

Apple have stated that CVE-2026-20700 has been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.

The NHS England National CSOC assesses that further exploitation attempts are likely.

Introduction

Apple has released a security update to address multiple vulnerabilities in iOS and iPadOS.

CVE-2026-20700 - An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.

Remediation advice

Affected organisations are encouraged to review the Apple security release and apply the relevant updates.

Definitive source of threat updates

https://support.apple.com/en-us/126346

CVE Vulnerabilities

Status Published

CVE-2026-20700

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.

Last edited: 12 February 2026 3:09 pm