CVE ID: CVE-2026-20700
Published: 2026-02-12
Updated: last month
Vendor/s: Apple
Product/s: Multiple Products
Version/s: * to 26.3 (excl.)
KEV Status: Active Exploitation
Listed in CISA's Known Exploited Vulnerabilities catalogue. Active exploitation observed in the wild.
CVSS Score (v3.1): 7.8 / 10 (High)
Severity Details
Base score: 7.8 High
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Description

CVE-2026-20700 is a high-severity memory corruption flaw in Apple operating systems that is being actively exploited for arbitrary code execution. Update to version 26.3.

CPE

Apple
Product Version Start Version End (excl.) Status
ipados * 26.3 vulnerable
iphone_os * 26.3 vulnerable
macos * 26.3 vulnerable
tvos * 26.3 vulnerable
visionos * 26.3 vulnerable
watchos * 26.3 vulnerable

Related weakness (CWE)

CWE-119

Remediation plan

1. Apply official patches

Install the latest security updates provided by Apple for your specific hardware. Apple has released patches for iOS, iPadOS, macOS, tvOS, visionOS, and watchOS to address the underlying state management issues causing memory corruption.

2. Update affected systems

Ensure all Apple devices are running version 26.3 or later. This includes updating iPhones and iPads to iOS/iPadOS 26.3, Macs to macOS Tahoe 26.3, and Apple Watches, TVs, or Vision Pro headsets to their respective 26.3 versions.

3. Restrict access

Since the attack vector is local, enforce strict physical device security and implement mobile device management (MDM) policies to prevent unauthorized local access. Limit the installation of unverified third-party applications that could be used as a vehicle for memory write attempts.

4. Monitor for exploitation

Use endpoint detection and response (EDR) tools to monitor for unusual system process behavior, unexpected kernel panics, or unauthorized memory access patterns. Review system logs for signs of sophisticated exploitation attempts linked to CVE-2026-20700.

Detection Guidance

Detection should focus on identifying anomalous local activity. Monitor system logs for frequent or unexplained application crashes and memory-related errors (CWE-119). Since this involves memory corruption, security teams should look for unauthorized code execution patterns or privilege escalation attempts within the OS kernel. Use MDM or EDR solutions to audit device versions and flag any hardware still running versions older than 26.3, especially in high-risk environments.
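
The version audit described above can be scripted against an MDM inventory export. The following is an added example, not code from this page or from Apple; the CSV column names (device, platform, os_version), the "ios" alias and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

FIXED = (26, 3)  # first fixed version: the "Version End (excl.)" value in the CPE table
# CPE product names taken from the page's table
AFFECTED = {"ipados", "iphone_os", "macos", "tvos", "visionos", "watchos"}
ALIASES = {"ios": "iphone_os"}  # assumed MDM display name for the iphone_os CPE

def parse_version(text):
    """'26.2.1 (build)' -> (26, 2, 1); None when the field is empty or malformed."""
    tokens = text.split()
    if not tokens:
        return None
    parts = tokens[0].split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version):
    name = platform.strip().lower()
    name = ALIASES.get(name, name)
    if name not in AFFECTED:
        return "out_of_scope"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # no usable version reported: needs manual review
    # Numeric tuple comparison, so 26.10 sorts after 26.3 (string comparison would not)
    return "vulnerable" if parsed < FIXED else "patched"

def audit(csv_text):
    """Return (device, status) for every row that needs action."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row["platform"], row["os_version"])
        if status in ("vulnerable", "unknown"):
            findings.append((row["device"], status))
    return findings

# Constructed sample export (hypothetical device names and versions)
SAMPLE = """device,platform,os_version
lab-mac-01,macOS,26.3
exec-phone-07,iOS,26.2.1
conf-tv-03,tvOS,26.10
vr-demo-01,visionOS,
watch-11,watchOS,26.2 (build-x)
win-laptop-9,Windows,11
"""

if __name__ == "__main__":
    for device, status in audit(SAMPLE):
        print(f"{device}: {status}")
```

Devices reported as "unknown" are surfaced together with the vulnerable ones so that an empty or malformed version field is not silently counted as patched.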

References

Sources

NIST National Vulnerability Database (NVD)
CISA Known Exploited Vulnerabilities (KEV)
