Apple has released security updates for iPhones, iPads, Macs, Apple Watches, Apple TVs, and Safari, fixing, in particular, a zero-day flaw that is actively exploited in targeted attacks.

Exploiting this zero-day flaw would allow cybercriminals to run any code they want on the affected device, potentially installing spyware or backdoors without the owner noticing.

Installing these updates as soon as possible keeps your personal information—and everything else on your Apple devices—safe from such an attack.

CVE-2026-20700

The zero-day vulnerability tracked as CVE-2026-20700, is a memory corruption issue in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code.

Apple says the vulnerability was used as part of an infection chain combined with CVE-2025-14174 and CVE-2025-43529 against devices running iOS versions prior to iOS 26.

Those two vulnerabilities were already patched in the December 2025 update.

Updates for your particular device

The table below shows which updates are available and points you to the relevant security content for that operating system (OS).



How to update your Apple devices

How to update your iPhone or iPad

For iOS and iPadOS users, here’s how to check if you’re using the latest software version:

• Go to Settings > General > Software Update. You will see if there are updates available and be guided through installing them.

Turn on Automatic Updates if you haven’t already—you’ll find it on the same screen.



How to update macOS on any version

To update macOS on any supported Mac, use the Software Update feature, which Apple designed to work consistently across all recent versions. Here are the steps:

• Click the Apple menu in the upper-left corner of your screen.

• Choose System Settings (or System Preferences on older versions).

• Select General in the sidebar, then click Software Update on the right. On older macOS, just look for Software Update directly.

• Your Mac will check for updates automatically. If updates are available, click Update Now (or Upgrade Now for major new versions) and follow the on-screen instructions. Before you upgrade to macOS Tahoe 26, please read these instructions.

• Enter your administrator password if prompted, then let your Mac finish the update (it might need to restart during this process).

• Make sure your Mac stays plugged in and connected to the internet until the update is done.

How to update Apple Watch

Ensure your iPhone is paired with your Apple Watch and connected to Wi-Fi, then:

• Keep your Apple Watch on its charger and close to your iPhone.

• Open the Watch app on your iPhone.

• Tap General > Software Update.

• If an update appears, tap Download and Install.

• Enter your iPhone passcode or Apple ID password if prompted.

Your Apple Watch will automatically restart during the update process. Make sure it remains near your iPhone and on charge until the update completes.

How to update Apple TV

Turn on your Apple TV and make sure it’s connected to the internet, then:

• Open the Settings app on Apple TV.

• Navigate to System > Software Updates.

• Select Update Software.

• If an update appears, select Download and Install.

The Apple TV will download the update and restart as needed. Keep your device connected to power and Wi-Fi until the process finishes.

How to update your Safari browser

Safari updates are included with macOS updates, so installing the latest version of macOS will also update Safari. To check manually:

• Open the Apple menu > System Settings > General > Software Update.

• If you see a Safari update listed separately, click Update Now to install it.

• Restart your Mac when prompted.

If you’re on an older macOS version that’s still supported (like Sonoma or Sequoia), Apple may offer Safari updates independently through Software Update.

More advice to stay safe

The most important fix—however inconvenient it may be—is to upgrade to iOS 26.3 (or the latest available version for your device). Not doing so means missing an accumulating list of security fixes, leaving your device vulnerable to newly found vulnerabilities.

 But here are some other useful tips:

• Make it a habit to restart your device on a regular basis.

• Do not open unsolicited links and attachments without verifying with the trusted sender.

• Remember: Apple threat notifications will never ask users to click links, open files, install apps or ask for account passwords or verification codes.

• For Apple Mail users, these vulnerabilities create risk when viewing HTML-formatted emails containing malicious web content.

• Malwarebytes for iOS can help keep your device secure, with Trusted Advisor alerting you when important updates are available.

•If you are a high-value target, or you want the extra level of security, consider using Apple’s Lockdown Mode.

source

Today is Microsoft's February 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclosed zero-day vulnerabilities.

This Patch Tuesday also addresses five "Critical" vulnerabilities, 3 of which are elevation of privileges flaws and 2 information disclosure flaws.

The number of bugs in each vulnerability category is listed below:

   ■ 25 Elevation of Privilege vulnerabilities

   ■ 5 Security Feature Bypass vulnerabilities

   ■ 12 Remote Code Execution vulnerabilities

   ■ 6 Information Disclosure vulnerabilities

   ■ 3 Denial of Service vulnerabilities

   ■ 7 Spoofing vulnerabilities

When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include 3 Microsoft Edge flaws fixed earlier this month.

As part of these updates, Microsoft has also begun to roll out updated Secure Boot certificates to replace the original 2011 certificates that are expiring in late June 2026.

"With this update, Windows quality updates include a broad set of targeting data that identifies devices and their ability to receive new Secure Boot certificates," explains Microsoft in the Windows 11 update notes.

"Devices will receive the new certificates only after they show sufficient successful update signals, which helps ensures a safe and phased rollout."

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5077181 & KB5075941 cumulative updates and the Windows 10 KB5075912 extended security update.

6 actively exploited zero-days

This month's Patch Tuesday fixes six actively exploited vulnerabilities, three of which are publicly disclosed.

Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.

The six actively exploited zero-days are:

CVE-2026-21510 - Windows Shell Security Feature Bypass Vulnerability

Microsoft has patched an actively exploited Windows security feature bypass that can be triggered by opening a specially crafted link or shortcut file.

"To successfully exploit this vulnerability, an attacker must convince a user to open a malicious link or shortcut file." explains Microsoft.

"An attacker could bypass Windows SmartScreen and Windows Shell security prompts by exploiting improper handling in Windows Shell components, allowing attacker‑controlled content to execute without user warning or consent," continued Microsoft.

While Microsoft has not shared further details, it likely allows attackers to bypass the Mark of the Web (MoTW) security warnings.

Microsoft has attributed the discovery of the flaw to Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), Office Product Group Security Team, Google Threat Intelligence Group, and an anonymous researcher.

CVE-2026-21513 - MSHTML Framework Security Feature Bypass Vulnerability

Microsoft has patched an actively exploited MSHTML security feature bypass flaw in Windows.

"Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network," explains Microsoft.

There are no details on how this was exploited.

This flaw was once again attributed to Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), Office Product Group Security Team, and Google Threat Intelligence Group.

CVE-2026-21514 - Microsoft Word Security Feature Bypass Vulnerability

Microsoft has patched a security feature bypass flaw in Microsoft Word that is actively exploited.

"An attacker must send a user a malicious Office file and convince them to open it," warns Microsoft's advisory.

"This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE control," continues Microsoft.

Microsoft says that the flaw cannot be exploited in the Office Preview Pane.

The flaw was again attributed to Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), Office Product Group Security Team, Google Threat Intelligence Group, and an anonymous researcher.

As no details have been released, it is unclear if CVE-2026-21510, CVE-2026-21513, and CVE-2026-21514 were exploited in the same campaign.

CVE-2026-21519 - Desktop Window Manager Elevation of Privilege Vulnerability

Microsoft has patched an actively exploited elevation of privileges flaw in the Desktop Window Manager.

"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," warns Microsoft.

No details have been shared on how it was exploited.

Microsoft has attributed the discovery of the flaw to Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC).

CVE-2026-21525 - Windows Remote Access Connection Manager Denial of Service Vulnerability

Microsoft fixed an actively exploited denial of service flaw in the Windows Remote Access Connection Manager.

"Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally,' explains Microsoft.

Microsoft has attributed the discovery of the flaw to the ACROS Security team with 0patch.

ACROS CEO Mitja Kolsek told BleepingComputer that the exploit was found in a public malware repository but is unsure how it is being exploited in attacks.

"We found an exploit for this issue in December 2025 in a public malware repository while searching for an exploit for CVE-2025-59230," Kolsek told BleepingComputer.

"This issue turned out to be a 0day at the time, so we patched it (blog.0patch.com/2025/12/free-micropatches-for-windows-remote.html) and reported it to Microsoft. We don't have any information on it having been exploited, but the quality of the combined exploit for both issues suggested professional work."

CVE-2026-21533 - Windows Remote Desktop Services Elevation of Privilege Vulnerability

Microsoft has fixed an elevation of privileges in Windows Remote Desktop Services.

"Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally," explains Microsoft.

Microsoft has attributed the discovery of the flaw to the Advanced Research Team at CrowdStrike.

CrowdStrike told BleepingComputer that the exploit they observed allows threat actors to add a new user to the Administrator group.

"The CVE-2026-21533 exploit binary modifies a service configuration key, replacing it with an attacker-controlled key, which could enable adversaries to escalate privileges to add a new user to the Administrator group," Adam Meyers, Head of Counter Adversary Operations, CrowdStrike, told BleepingComputer.

"While CrowdStrike does not currently attribute this activity to a specific target or adversary, threat actors possessing the exploit binaries will likely accelerate their attempts to use or sell CVE-2026-21533 in the near term."

Of the six zero-days, CVE-2026-21513, CVE-2026-21510, and CVE-2026-21514 were publicly disclosed.

Recent updates from other companies

Other vendors who released updates or advisories in February 2026 include:

■ Adobe released security updates for Audition, After Effects, InDesign, Substance 3D, Adobe Lightroom Classic, and other software. None of the flaws are exploited.

■ BeyondTrust released security updates for a critical RCE flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software.

■ CISA issued a new binding operational directive requiring federal agencies to remove network edge devices that have reached the end of support.

■ Cisco released security updates for Secure Web Appliance, Cisco Meeting Management, and more.

■ Fortinet released security updates for FortiOS and FortiSandbox.

■ Google has released Android's February security bulletin, which includes no security fixes.

■ n8n fixed critical vulnerabilities that act as a patch bypass for the previously fixed CVE-2025-68613 RCE flaw.

■ SAP released the February security updates for multiple products, including fixes for two critical vulnerabilities.

While not a security update, Microsoft has started rolling out built-in Sysmon functionality in Windows 11 insider builds, which many Windows admins will find useful.

The February 2026 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the February 2026 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.







Update 2/10/26: Added information about how CVE-2026-21533 and CVE-2026-21525 are exploited.

source

Quantum computers have just cleared a hurdle that many physicists once doubted they could overcome. In new experiments, the Google Quantum AI team showed that when they bundle more qubits together in the right pattern, the combined logical qubit actually makes fewer mistakes.

In technical terms, they have gone below the error correction threshold that future large-scale quantum machines will need.

Why should anyone outside a physics lab care about a tiny drop in error rates deep inside a metal box cooled almost to absolute zero? The answer has a lot to do with cleaner energy systems, new materials, and the race to cut climate pollution.

What did scientists actually achieve?

Quantum chips rely on fragile qubits that lose their information very quickly. Every tiny vibration or stray signal can nudge them off course, which is why today’s devices are still too noisy for real-world climate or chemistry problems.

To fight this, researchers use quantum error correction. Instead of trusting a single qubit, they spread one unit of information across many physical qubits and treat the whole patch as one logical qubit. When the physical qubits are good enough, adding more of them actually protects the logical qubit from noise.

That cut-off point is known as the surface-code threshold. In their latest work, Google’s Willow processor, a superconducting chip with qubits in a square grid, finally operated below that limit, and when the team enlarged their code from three-by-three qubits to five-by-five and then seven-by-seven, the logical error rate fell by about a factor of two at each step.

In simple terms, scaling up reduced the errors instead of multiplying them. One of the resulting logical qubits even lived more than twice as long as the best single qubit that helped build it.

For the quantum community, that shift signals that fault tolerant machines now look less like science fiction and more like a long but concrete engineering project.

Why this matters for climate solutions

At first glance, small changes in error rates inside a cryogenic chip sound far removed from air pollution, food prices, or the size of the electric bill. Yet many of the hardest climate and energy questions depend on solving extremely demanding computational problems.

Climate models that simulate oceans, clouds, forests, and cities already push some of the world’s largest supercomputers to their limits. Optimization problems that decide how to route power from thousands of solar panels, wind farms, batteries, and electric vehicles without blackouts or wasted energy are equally tough.

Quantum algorithms are being explored for better weather and climate prediction, power-grid optimization, and material discovery for batteries and solar cells.

Analysts expect that fault-tolerant quantum hardware could speed up the design of low-carbon technologies and industrial processes. One study by McKinsey, for example, estimated that quantum-enhanced climate technologies might unlock additional emissions cuts of several gigatons of carbon dioxide per year by the mid 2030s.

That kind of potential does not mean quantum computers will magically solve climate change. It does mean they could become powerful helpers for engineers and scientists who are already working on cleaner cement, more efficient catalysts, better carbon capture materials, and smarter, more flexible grids.

The energy footprint puzzle

There is also a catch. Quantum processors like Willow run just a fraction of a degree above absolute zero, inside dilution refrigerators that use a lot of electricity, and studies of quantum data centers show that cooling often consumes far more energy than the computation itself.

At the same time, early comparisons indicate that small quantum systems can already use much less power than today’s largest supercomputers for some tasks, so researchers are testing more efficient cooling, qubit types that work at higher temperatures, and ways to reuse waste heat.

Still a long road ahead

Google’s new result still uses only one logical qubit, so it remains a proof of concept rather than a practical machine. To run meaningful chemistry, climate, or grid simulations, researchers will need many interacting logical qubits and error rates that keep dropping as systems grow.

Even so, crossing the error threshold changes the conversation. Instead of asking whether quantum error correction can ever work, scientists are now focused on how fast it can scale and how to align that growth with planetary limits and climate goals.

For people who care about the environment, the message is measured but hopeful. Reliable quantum computers are not a silver bullet, yet they are slowly moving from lab curiosity toward a tool that could support cleaner technologies, more resilient energy systems, and better understanding of a warming planet.

The study was published in Nature.

source

Most iPhone owners have hopefully learned to manage app permissions by now, including allowing location access. But there’s another layer of location tracking that operates outside these controls. Your cellular carrier has been collecting your location data all along, and until now, there was nothing you could do about it.

Apple just changed this in iOS 26.3 with a new setting called “limit precise location.”

How Apple’s anti-carrier tracking system works

Cellular networks track your phone’s location based on the cell towers it connects to, in a process known as triangulation. In cities where towers are densely packed, triangulation is precise enough to track you down to a street address.

This tracking is different from app-based location monitoring, because your phone’s privacy settings have historically been powerless to stop it. Toggle Location Services off entirely, and your carrier still knows where you are.

The new setting reduces the precision of location data shared with carriers. Rather than a street address, carriers would see only the neighborhood where a device is located. It doesn’t affect emergency calls, though, which still transmit precise coordinates to first responders. Apps like Apple’s “Find My” service, which locates your devices, or its navigation services, aren’t affected because they work using the phone’s location sharing feature.

Why is Apple doing this? Apple hasn’t said, but the move comes after years of carriers mishandling location data.

Unfortunately, cellular network operators have played fast and free with this data. In April 2024, the FCC fined Sprint and T-Mobile (which have since merged), along with AT&T and Verizon nearly $200 million combined for illegally sharing this location data. They sold access to customers’ location information to third party aggregators, who then sold it on to third parties without customer consent.

This turned into a privacy horror story for customers. One aggregator, LocationSmart, had a free demo on its website that reportedly allowed anyone to pinpoint the location of most mobile phones in North America.

Limited rollout

The feature only works with devices equipped with Apple’s custom C1 or C1X modems. That means just three devices: the iPhone Air, iPhone 16e, and the cellular iPad Pro with M5 chip. The iPhone 17, which uses Qualcomm silicon, is excluded. Apple can only control what its own modems transmit.

Carrier support is equally narrow. In the US, only Boost Mobile is participating in the feature at launch, while Verizon, AT&T, and T-Mobile are notable absences from the list given their past record. In Germany, Telekom is on the participant list, while both EE and BT are involved in the UK. In Thailand, AIS and True are on the list. There are no other carriers taking part as of today though.

Android also offers some support

Google also introduced a similar capability with Android 15’s Location Privacy hardware abstraction layer (HAL) last year. It faces the same constraint, though: modem vendors must cooperate, and most have not. Apple and Google don’t get to control the modems in most phones. This kind of privacy protection requires vertical integration that few manufacturers possess and few carriers seem eager to enable.

Most people think controlling app permissions means they’re in control of their location. This feature highlights something many users didn’t know existed: a separate layer of tracking handled by cellular networks, and one that still offers users very limited control.

source

Concept Trailer By TT Technology

source