Apple issues first Background Security Improvements fix
🔒 Apple has pushed its first Background Security Improvements release to patch a WebKit vulnerability tracked as CVE-2026-20643 on iPhone, iPad, and Mac without requiring a full OS upgrade. The flaw is a cross-origin issue in the Navigation API that could allow malicious web content to bypass the browser's Same Origin Policy, and Apple says it fixed the bug with improved input validation. Credited to researcher Thomas Espach, the update is available on iOS 26.3.1, iPadOS 26.3.1, and macOS 26.3.1/26.3.2; Apple warns that uninstalling Background Security Improvements removes all prior background patches and reverts the device to the baseline OS.
