Apple has released iOS 26.3, iPadOS 26.3, and macOS Tahoe 26.3 to address dozens of security vulnerabilities, including one actively exploited in targeted attacks. The critical flaw in the dyld dynamic link editor could allow attackers with memory write capability to execute arbitrary code. Apple confirmed this vulnerability was exploited in an 'extremely sophisticated attack' against specific individuals using versions of iOS before iOS 26.

In addition to the actively exploited dyld vulnerability, the updates fix numerous other security issues across Apple's platforms including watchOS, tvOS, and visionOS. The memory corruption bug was resolved through improved state management in the dynamic linker. Apple typically keeps vulnerability details confidential until most users have installed updates, but the company felt compelled to disclose this particular flaw due to its active exploitation.

Security researchers warn that publicizing these vulnerabilities now increases the risk of exploitation by malicious actors who may reverse-engineer the patches. Apple strongly recommends all users update their devices immediately to protect against potential attacks. The company has not disclosed details about the targeted attack campaign or the specific individuals affected, maintaining its standard practice of limited disclosure for security issues involving active exploitation.