Apple today released iOS 26.3, iPadOS 26.3, and macOS Tahoe 26.3, all of which largely focus on bug fixes and security improvements. Apple says that the updates address dozens of vulnerabilities, including one that is known to have been actively exploited.
That vulnerability in the dyld dynamic link editor could allow for the execution of arbitrary code, and Apple says the bug may have been exploited in an "extremely sophisticated attack" against targeted individuals on versions of iOS before iOS 26.
An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.
Apple says the memory corruption issue was fixed with improved state management.
There are numerous other vulnerabilities that were also fixed across not only iOS, iPadOS, and macOS, but also Apple's other platforms that saw updates released today.
Now that these vulnerabilities have been publicized by Apple, even those that were not exploited before might be taken advantage of now. Apple recommends all users update their devices to iOS 26.3, iPadOS 26.3, and macOS Tahoe 26.3 as soon as possible.