Apple rolls out first Background Security patch to fix WebKit CVE-2026-20643
Apple released the first Background Security Improvements update to fix a WebKit cross-origin flaw (CVE-2026-20643) that could bypass the Same Origin Policy. The lightweight patch arrives outside the normal OS update cycle for iOS 26.3.1, iPadOS 26.3.1, and macOS 26.3.1/26.3.2, and Apple recommends not uninstalling it since removing patches reverts the device to baseline security.