Apple(US:AAPL) 3 6 Ke·2026-02-13 11:32Core Insights - Apple has fixed a zero-day vulnerability (CVE-2026-20700) that has existed since the iOS 1.0 era, affecting the core infrastructure of iOS, specifically the dynamic linker (dyld) [1][2][7] - The vulnerability allows attackers with memory write capabilities to execute arbitrary code, and it has been confirmed to have been exploited in the wild [2][8] - The dyld vulnerability is critical as it serves as a gatekeeper for all apps, and its exploitation could lead to complete control over the device [3][6] Vulnerability Details - The dyld acts as a "doorman" for the iOS system, loading necessary dynamic libraries and ensuring security isolation for apps [2][3] - Attackers can bypass security checks and gain unauthorized access, potentially leading to "zero-click" or "one-click" attacks, particularly targeting high-value individuals [3][6] - The vulnerability was discovered by Google's Threat Analysis Group and is part of a more complex attack chain involving other vulnerabilities, such as those in WebKit [2][6] Historical Context - The existence of the dyld vulnerability for over a decade raises questions about why it remained undetected until now, attributed to the stability and complexity of core system components [5][6] - Such vulnerabilities often do not appear in isolation and are typically part of a larger exploit chain, similar to techniques used by commercial surveillance firms [6] Other Security Issues - In addition to CVE-2026-20700, Apple has addressed multiple other security issues in the latest iOS and iPadOS updates, including vulnerabilities that could lead to root access and sensitive data leaks [8] - Two high-severity vulnerabilities (CVE-2025-14174 and CVE-2025-43529) were also reported, highlighting ongoing concerns about memory safety issues even in secure mobile platforms [9][10]