Background Security Improvements update issued to remediate CVE-2026-20643 WebKit navigation bypass
Summary
Hide ▲
Show ▼
Apple released its inaugural Background Security Improvements update to remediate CVE-2026-20643, a WebKit flaw impacting Same Origin Policy enforcement via the Navigation API. The vulnerability enabled malicious web content to bypass cross-origin restrictions, exposing users to potential data leakage or spoofing attacks. Affected platforms include iPhones, iPads, and Macs running iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, or macOS 26.3.2. The fix was delivered as a lightweight, out-of-band patch via Apple’s Background Security Improvements mechanism, eliminating the need for a full OS upgrade or device restart.
Timeline
-
18.03.2026 03:06 1 articles · 1h ago
Background Security Improvements update deployed to address CVE-2026-20643 WebKit flaw
Apple issued its first Background Security Improvements update to remediate CVE-2026-20643, a WebKit vulnerability enabling malicious web content to bypass Same Origin Policy restrictions via the Navigation API. The patch was delivered to iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 as a lightweight, out-of-band update, avoiding the need for a full OS upgrade or device restart. Background Security Improvements updates are applied to specific components in the background and can be managed via device Privacy & Security settings.
Show sources
- Apple pushes first Background Security Improvements update to fix WebKit flaw — www.bleepingcomputer.com — 18.03.2026 03:06
Information Snippets
-
CVE-2026-20643 is a cross-origin flaw in the WebKit Navigation API that allowed malicious web content to bypass Same Origin Policy restrictions.
First reported: 18.03.2026 03:061 source, 1 articleShow sources
- Apple pushes first Background Security Improvements update to fix WebKit flaw — www.bleepingcomputer.com — 18.03.2026 03:06
-
Apple deployed the first Background Security Improvements update to remediate CVE-2026-20643, applicable to iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2.
First reported: 18.03.2026 03:061 source, 1 articleShow sources
- Apple pushes first Background Security Improvements update to fix WebKit flaw — www.bleepingcomputer.com — 18.03.2026 03:06
-
The flaw was assigned to security researcher Thomas Espach and addressed via improved input validation in the Navigation API.
First reported: 18.03.2026 03:061 source, 1 articleShow sources
- Apple pushes first Background Security Improvements update to fix WebKit flaw — www.bleepingcomputer.com — 18.03.2026 03:06
-
Background Security Improvements enables lightweight, out-of-band security patches for components such as Safari, WebKit, and system libraries without requiring full OS upgrades or restarts.
First reported: 18.03.2026 03:061 source, 1 articleShow sources
- Apple pushes first Background Security Improvements update to fix WebKit flaw — www.bleepingcomputer.com — 18.03.2026 03:06
-
Users can manage Background Security Improvements updates via Privacy & Security settings on iPhone, iPad, and Mac; uninstalling the update removes all prior background patches and reverts the device to the baseline OS version.
First reported: 18.03.2026 03:061 source, 1 articleShow sources
- Apple pushes first Background Security Improvements update to fix WebKit flaw — www.bleepingcomputer.com — 18.03.2026 03:06