Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

2026-03-18

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Apple released Background Security Improvements to patch a WebKit vulnerability (CVE-2026-20643) that allows same-origin policy bypass on iOS and macOS.

•The flaw resides in WebKit's Navigation API and can be exploited via maliciously crafted web content to bypass the same-origin policy.
•Affected versions include iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2; fixes were applied through improved input validation.
•Background Security Improvements is a lightweight patch delivery mechanism for Safari, WebKit, and system libraries, supported from iOS 26.1 and macOS 26 onward.
•Users can manage the feature via Settings > Privacy and Security, with an option to enable automatic installation.
•This follows a recent zero-day fix (CVE-2026-20700) and patches for four flaws exploited in the Coruna exploit kit.

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture