Particle.news

Apple Rolls Out First Background Security Improvements to Fix WebKit Same‑Origin Bypass

Users on current iOS, iPadOS, and macOS builds can apply the lightweight CVE‑2026‑20643 patch from Privacy & Security settings, with automatic installs recommended.

Overview

  • Apple’s initial Background Security Improvements address a WebKit Navigation API cross‑origin flaw that could bypass the Same Origin Policy, now fixed via improved input validation.
  • The release ships as iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a), and macOS 26.3.2 (a), with the 26.3.2 (a) build targeted to MacBook Neo.
  • Security researcher Thomas Espach is credited for reporting the vulnerability, which Apple has not said was exploited in the wild.
  • Updates are managed under Settings/System Settings > Privacy & Security > Background Security Improvements—not in the standard Software Update pane—and may require a quick restart.
  • Apple notes that rare compatibility issues could prompt temporary removal and reissue of an update, and that uninstalling a Background Security Improvement (BSI) reverts the device to the baseline OS; organizations and users should keep Automatically Install enabled to reduce exposure.