Apple released background security updates to address a critical cross-origin Navigation API flaw in WebKit (CVE-2026-20643) that could allow malicious web content to bypass the Same Origin Policy on iOS, iPadOS, and macOS. The issue was fixed via improved input validation and distributed as Background Security Improvements, requiring organizations to monitor and verify these automatic patches across managed devices.
Key points
- Apple patched a WebKit Navigation API cross-origin flaw tracked as CVE-2026-20643.
- The vulnerability could let crafted web content bypass the Same Origin Policy and access unauthorized data.
- Fixes were delivered via Background Security Improvements for iOS 26.3.1 (a), iPadOS 26.3.1 (a), and macOS 26.3.1/26.3.2 (a).
- Apple also backported WebKit and kernel fixes to older iOS and iPadOS releases, addressing CVE-2023-43010, CVE-2023-43000, CVE-2023-41974, and CVE-2024-23222.
- IT and security teams must track, verify, and maintain visibility into these background patches rather than relying solely on periodic OS updates.
Read More: https://thecyberexpress.com/webkit-vulnerability-fixed-in-apple-update/