Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware

https://www.theregister.com/2026/02/12/apple_ios_263/
91•beardyw•1h ago

Comments

cpncrunch•1h ago
No updates for ipados17. I guess my ipad pro 10.5 is finally a brick.
brainzap•1h ago
I am shocked to hear that over these years it was possible to extract data from a locked iphone. (hardening mode off)

I trusted apple.

gruez•1h ago
>I trusted apple.

To what? Write 100% bug free software? I don't think that's actually achievable, and expecting so is just setting yourself up for disappointment. Apple does a better job than most other vendors except maybe GrapheneOS. Mainstream Android vendors are far worse. Here's Cellebrite Premium's support matrix from July 2024, for locked devices. iPhones are vulnerable after first unlock (AFU), but Androids are even worse. They can be hacked even if they have been shut down/rebooted.

https://grapheneos.social/system/media_attachments/files/112...

https://grapheneos.social/system/media_attachments/files/112...

https://grapheneos.social/system/media_attachments/files/112...

fsflover•57m ago
Qubes OS does a much better job though, because it relies on security through compartmentalization, not security through correctness.
gruez•37m ago
The problem with that is it runs on a desktop, which means very little in the way of protection against physical attacks. You might be safe from Mossad trying to hack you from half way across the world, but you're not safe from someone doing an evil maid attack, or from seizing it and bruteforcing the FDE password (assuming you didn't set a 20 random character password).
RankingMember•29m ago
These links working for anyone? 403 for me
gruez•6m ago
Updated the links. The originals were from discuss.grapheneos.org but it looks like they don't like hot-linking.
CharlesW•1h ago
This is a newly-discovered vulnerability (CVE-2026-20700, addressed along with CVE-2025-14174 and CVE-2025-43529).

Note that the description "an attacker with memory write capability may be able to execute arbitrary code" implies that this CVE is a step in a complex exploit chain. In other words, it's not a "grab a locked iPhone and bypass the passcode" vulnerability.

jrmg•1h ago
I may well be missing something, but this reads to me as code execution on user action, not lock bypass.

Like, you couldn’t get a locked phone that hadn’t already been compromised to do anything because it would be locked so you’d have no way to run the code that triggers the compromise.

Am I not interpreting things correctly?

[edit: ah, I guess “An attacker with memory write capability” might cover attackers with physical access to the device and external hardware attached to its circuit board that can write to the memory directly?]

j16sdiz•1h ago
What does "zero-day" even mean?

> ... decade-old ...

> ... was exploited in the wild ...

> ... may have been part of an exploit chain....

gruez•1h ago
https://en.wikipedia.org/wiki/Zero-day_vulnerability
buttscicles•1h ago
Meaning unknown to the public/vendor
runjake•1h ago
“Zero day” has meant different things over the years, but for the last couple-ish decades it’s meant “the number of days that the vendor has had to fix them” AKA “newly-known”.
alanbernstein•57m ago
Well whatever the zero means, it can't be the number of days that the bug has been present, generally. It should be expected that most zero-days concern a bug with a non-zero previous lifespan.
CSMastermind•47m ago
The vulnerability has been present for more than a decade.

There is evidence that some people were aware and exploiting it.

Apple was unaware until right now that it existed, thus it is a 'zero day', meaning an exploit that the outside world knows about but they don't.

zero0529•1h ago
I guess the fix is only for Tahoe?
bzzzt•1h ago
There's an update for Sequoia too.
cluckindan•8m ago
But not for iOS 18, so this is a forced upgrade to the horrors of Liquid Glass.

Can’t wait to see how much battery it eats.

MYEUHD•1h ago
The zero-day mentioned in the article doesn't affect macOS.

But there were security updates for macOS 14 and macOS 15 released yesterday:

https://support.apple.com/en-us/126350

https://support.apple.com/en-us/126349

asah•1h ago
Open source wins... again.
baq•1h ago
as in I now have to upgrade all my children's ancient iphones...?

I'd much rather not do that

kstrauser•25m ago
You’d rather they not release updates to support them?
max_•56m ago
My suspicion is that these "exploits" are planted by spy agencies.

They don't appear there organically.

bell-cot•42m ago
Maybe sometimes? With how many bugs are normally found in very complex code, would a rational spy agency spend the money to add a few more? Doing so is its own type of black op, with plenty of ways to go wrong.

OTOH, how rational are spy agencies about such things?

2OEH8eoCRo0•38m ago
Some suspect that Apple secretly backs some of these spyware services. I've heard rumors about graykey but only rumors. Thoughts?
gruez•34m ago
>Some suspect ...

>I've heard rumors ...

So like, the comment you're replying to? This is just going in circles.

zappb•28m ago
This vastly overstates both the competence of spy agencies and of software engineers in general. When it comes to memory unsafe code, the potential for exploits is nearly infinite.
xnx•8m ago
> overstates both the competence of spy agencies

Stuxnet was pretty impressive: https://en.wikipedia.org/wiki/Stuxnet

Iolaum•5m ago
It was also not a bug to be exploited.

It was a complicated product that many people worked on in order to develop, and it took advantage of many pre-existing vulnerabilities as well as knowledge of complex and niche systems in order to work.

meisel•55m ago
I wonder what the internal conversations are like around memory safety at Apple right now. Do people feel comfortable enough with Swift's performance to replace key things like dyld and the OS? Are there specific asks in place for that to happen? Is Rust on the table? Or do C and C++ continue to dominate in these spaces?
gsnedders•48m ago
While not wholesale replacing it, there already is Swift in dyld: https://github.com/search?q=repo%3Aapple-oss-distributions%2...
ronsor•18m ago
Apple is already working on a memory-safe C variant which is already used in iBoot and will be upstream LLVM soon: https://clang.llvm.org/docs/BoundsSafety.html
ChrisArchitect•31m ago
Previously: https://news.ycombinator.com/item?id=46979643
erichocean•29m ago
I wonder if Fil-C would have prevented this.
dudeinhawaii•15m ago
So the exploiters have deprecated that version of spyware and moved on I see. This has been the case every other time. The state actors realize that there's too many fingers in the pie (every other nation has caught on), the exploit is leaked and patched. Meanwhile, all actors have moved on to something even better.

Remember when Apple touted the security platform all-up and a short time later we learned that an adversary could SMS you and pwn your phone without so much as a link to be clicked.

KSIMET: 2020, FORCEDENTRY: 2021, PWNYOURHOME, FINDMYPWN: 2022, BLASTPASS: 2023

Each time NSO had the next chain ready prior to patch.

I recall working at a lab a decade ago where we were touting full end-to-end exploit chain on the same day that the target product was announcing full end-to-end encryption -- that we could bypass with a click.

It's worth doing (Apple patching) but a reminder that you are never safe from a determined adversary.

walterbell•7m ago
[delayed]
shantara•5m ago
Meanwhile Apple made a choice to leave iOS 18 vulnerable on the devices that receive updates to iOS 26. If you want security, be ready to sacrifice UI usability.
