Apple Background Security Improvements WebKit patch (CVE-2026-20643)
Security Patch Release
Summary
Hide ▲
Show ▼
Apple's first Background Security Improvements release patches CVE-2026-20643 in WebKit, letting iPhones, iPads, and Macs get a security fix without a full OS upgrade. The out-of-band update closes a cross-origin flaw that could let malicious web content bypass the browser's Same Origin Policy. It is available on iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2.
Related Happenings
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch Release
First: 15.05.2026 18:56
Last: 15.05.2026 18:56
Sources 1
About this happening:
**Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch ReleaseAbout this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
Apple and Google Messages beta rollout of cross-platform E2EE RCS
Security Tool/Service
First: 12.05.2026 16:00
Last: 12.05.2026 16:00
Sources 1
About this happening:
Apple and Google have begun a **beta rollout** of **end-to-end encrypted RCS** between **iPhone** and **Android** devices, materially reducing carrier and in-transit visibility fo...
Apple and Google Messages beta rollout of cross-platform E2EE RCS
Security Tool/ServiceAbout this happening: Apple and Google have begun a **beta rollout** of **end-to-end encrypted RCS** between **iPhone** and **Android** devices, materially reducing carrier and in-transit visibility fo...
IOS 26.5 beta rolls out default end-to-end encrypted RCS messaging on iPhone and Android
Security Tool/Service
First: 12.05.2026 08:18
Last: 12.05.2026 08:18
Sources 1
About this happening:
Apple's **iOS 26.5** beta adds **default end-to-end encrypted RCS** messaging for **iPhone** and **Android** users, strengthening privacy in cross-platform chats. The rollout cove...
IOS 26.5 beta rolls out default end-to-end encrypted RCS messaging on iPhone and Android
Security Tool/ServiceAbout this happening: Apple's **iOS 26.5** beta adds **default end-to-end encrypted RCS** messaging for **iPhone** and **Android** users, strengthening privacy in cross-platform chats. The rollout cove...
PackageKit 1.3.5 security update (CVE-2026-41651)
Security Patch Release
First: 24.04.2026 20:28
Last: 24.04.2026 20:28
Sources 1
About this happening:
**PackageKit version 1.3.5** was released to fix **CVE-2026-41651**, closing a **local privilege-escalation** path that could let Linux users gain **root permissions**. The update...
PackageKit 1.3.5 security update (CVE-2026-41651)
Security Patch ReleaseAbout this happening: **PackageKit version 1.3.5** was released to fix **CVE-2026-41651**, closing a **local privilege-escalation** path that could let Linux users gain **root permissions**. The update...
Apple out-of-band iOS/iPadOS security updates (CVE-2026-28950)
Security Patch Release
First: 22.04.2026 23:58
Last: 22.04.2026 23:58
Sources 1
About this happening:
**Apple** released **out-of-band security updates** for **iPhone and iPad** on **April 22, 2026** to fix **CVE-2026-28950**. The patch addresses a **Notification Services** flaw t...
Apple out-of-band iOS/iPadOS security updates (CVE-2026-28950)
Security Patch ReleaseAbout this happening: **Apple** released **out-of-band security updates** for **iPhone and iPad** on **April 22, 2026** to fix **CVE-2026-28950**. The patch addresses a **Notification Services** flaw t...
Latest development: 23.04.2026 11:50
Apple issued **iOS 26.4.2**, **iPadOS 26.4.2**, **iOS 18.7.8**, and **iPadOS 18.7.8** on **2026-04-23** to close **CVE-2026-28950**, which could preserve deleted-message notifications on affected devices.
Timeline
-
18.03.2026 03:06 3 articles · 2mo ago
Apple releases first Background Security Improvements fix for CVE-2026-20643
Initial DisclosureApple releases its first Background Security Improvements update for iPhones, iPads, and Macs to fix CVE-2026-20643 in WebKit, a cross-origin issue in the Navigation API that could let malicious web content bypass the browser's Same Origin Policy. The update is available on iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2, and the flaw was discovered by security researcher Thomas Espach.
Show sources
- Apple pushes first Background Security Improvements update to fix WebKit flaw — www.bleepingcomputer.com — 18.03.2026 03:06
- Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS — thehackernews.com — 18.03.2026 08:31
- Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS — thehackernews.com — 18.03.2026 08:31
-
18.03.2026 03:06 3 articles · 2mo ago
Apple releases first Background Security Improvements fix for CVE-2026-20643
Initial DisclosureApple releases its first Background Security Improvements update for iPhones, iPads, and Macs to fix CVE-2026-20643 in WebKit, a cross-origin issue in the Navigation API that could let malicious web content bypass the browser's Same Origin Policy. The update is available on iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2, and the flaw was discovered by security researcher Thomas Espach.
Show sources
- Apple pushes first Background Security Improvements update to fix WebKit flaw — www.bleepingcomputer.com — 18.03.2026 03:06
- Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS — thehackernews.com — 18.03.2026 08:31
- Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS — thehackernews.com — 18.03.2026 08:31