Apple Fixes WebKit Flaw CVE-2026-20643 via New Background Security Update

By alex2404

With devices increasingly targeted through browser-level exploits, Apple has moved to close a specific gap in how security patches reach users between major software releases.

The company has issued a fix for CVE-2026-20643, a WebKit flaw that allows malicious web content to bypass the browser’s Same Origin Policy. According to the announcement, the vulnerability stems from a cross-origin issue in the Navigation API, addressed through improved input validation. Security researcher Thomas Espach discovered the flaw.

The fix is available on iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. What makes this release notable is not the patch itself, but the mechanism used to deliver it.

A New Delivery Method for Security Fixes

This marks the first time Apple has deployed a fix through its Background Security Improvements feature — a system designed to push small, targeted patches to specific components without requiring users to install a full OS update or restart their device. The company introduced the feature in iOS 26.1, iPadOS 26.1, and macOS 26.1.

“Background Security Improvements deliver lightweight security releases for components such as the Safari browser, WebKit framework stack, and other system libraries that benefit from smaller, ongoing security patches between software updates,” the announcement states.

Previously, receiving any security fix meant accepting a new OS version in full. That friction is now gone for eligible patches. The feature applies updates silently in the background, targeting only the affected components.

Users can find the feature under their device’s Privacy & Security settings. On iPhone and iPad, that means navigating to Settings, then Privacy & Security. On Mac, the path runs through the Apple menu, into System Settings, then Privacy & Security.

What Happens If It’s Removed

The announcement carries a clear caution about uninstalling these updates. Removing a Background Security Improvements update does not simply roll back the latest patch — it strips all previously applied background patches, returning the device to the baseline OS version, such as iOS 26.3.1, without any of the incremental security fixes applied since. The device remains at that baseline security level until the updates are reapplied or folded into a future full release.

Apple also notes that in rare cases where a background patch causes compatibility problems, it may be temporarily pulled and then incorporated into a subsequent software update.

According to the announcement, any Background Security Improvements removed from a device will either be reapplied or included in a future full software update.


This article is a curated summary based on third-party sources.
