Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Briefly

"The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content."
"Apple notes that Background Security Improvements are meant for delivering lightweight security releases for components such as the Safari browser, WebKit framework stack, and other system libraries through smaller, ongoing security patches rather than issuing them as part of larger software updates."
"Users can control Background Security Improvements via the Privacy and Security menu in the Settings app. To ensure that they are automatically installed, it's advised to keep the 'Automatically Install' option on."
Apple released its first Background Security Improvements to address CVE-2026-20643, a cross-origin vulnerability in WebKit's Navigation API that could bypass the same-origin policy when processing malicious web content. The flaw affects iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2, and has been patched with improved input validation. Background Security Improvements deliver lightweight security releases for Safari, WebKit, and system libraries through smaller ongoing patches rather than major updates. The feature is supported starting with iOS 26.1, iPadOS 26.1, and macOS 26. Users can manage these improvements through Privacy and Security settings, with automatic installation recommended to ensure protection.
Read at The Hacker News