- Apple released its first Background Security Improvements to patch a cross-origin vulnerability in WebKit.
- The flaw, CVE-2026-20643, could bypass the same-origin policy on iOS, iPadOS, and macOS via malicious web content.
- The feature delivers smaller, ongoing security patches for components like Safari and WebKit outside of major updates.
- Users should keep the “Automatically Install” option on in Settings to receive these improvements promptly.
Apple addressed a significant WebKit security flaw on Tuesday, March 18, 2026, through its newly deployed system for lightweight patches. This represents the company’s first use of Background Security Improvements, a mechanism designed to deliver ongoing security fixes more efficiently.
The vulnerability, tracked as CVE-2026-20643, is a cross-origin issue in WebKit’s Navigation API. It could allow attackers to bypass the same-origin policy when the browser processes specially crafted web content.
The flaw affected iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Apple resolved it with improved input validation in subsequent minor releases, crediting researcher Thomas Espach.
Background Security Improvements are supported starting with iOS 26.1, iPadOS 26.1, and macOS 26. The company notes that they may be temporarily removed if compatibility issues arise.
Users control these updates via the Privacy and Security menu in Settings. Keeping the “Automatically Install” option enabled is advised to ensure immediate installation.
If the option is disabled, users must wait for the next full software update. This feature is analogous to the Rapid Security Response system Apple introduced in iOS 16.
Removing an applied improvement reverts the device to its baseline software version. This development follows recent patches for other exploited vulnerabilities, including one targeted by the Coruna exploit kit.
