Particle.news

Apple Rolls Out First Background Security Improvements to Fix WebKit Same-Origin Bug

The lightweight updates deliver rapid fixes between full releases on devices running the latest 26.x software.

Overview

  • The patch addresses CVE-2026-20643, a WebKit Navigation API cross-origin flaw that could bypass the Same Origin Policy, credited to researcher Thomas Espach and fixed via improved input validation.
  • Apple shipped the fixes as iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a), and macOS 26.3.2 (a), with the 26.3.2 variant targeting MacBook Neo models.
  • Apple has not indicated in-the-wild exploitation, but WebKit’s role across Safari, third‑party browsers on iOS, and in‑app web views makes prompt patching important for privacy and security.
  • Users can manage Background Security Improvements in Settings > Privacy & Security, where they can install the update or enable Automatic Install; the update typically completes after a brief restart.
  • If a Background Security Improvement (BSI) is removed, the device reverts to the baseline OS without the background patches; security vendors advise enabling automatic BSIs to minimize exposure windows.