Apple Pushes Update to Fix Critical WebKit Flaw
Apple has released an initial "Background Security Improvement" update for iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a) and the newer build, targeting a critical WebKit flaw tracked as CVE-2025-4879 that allows malicious web content to bypass Safari's Same Origin Policy. The update does not require users to install an operating system upgrade or visit Apple Support pages for installation instructions. It marks the debut of what TechCrunch describes as "background security improvement," effectively renaming and replacing Apple's previous Rapid Security Response program, which is designed...
Key Points
1. Apple has launched its first 'Background Security Improvements' system via iOS and macOS updates to address critical vulnerabilities without requiring full OS reboots.
2. The initial patch targets CVE-2026-20643, a WebKit flaw allowing malicious websites to bypass the Same-Origin Policy (SOP) on Safari browsers across Apple devices.
3. Updates are being delivered as lightweight patches between major software releases rather than through traditional full system updates.
4. The vulnerability affects iOS 18.x and macOS Sequoia versions, enabling cross-origin attacks that could expose user data.
Developments
Apple has introduced a background security update for the first time, closing a critical WebKit vulnerability (CVE-2026-20643) without a restart. This update affects iOS/iPadOS 18.x and macOS Sequoia users through targeted patches for components such as Safari or system libraries, which were discovered by security researcher Thomas Espach.
Apple has released urgent background updates for iOS 26.3.x/iPadOS/macOS addressing CVE-2026-20643, a critical WebKit same-origin policy bypass vulnerability that could allow malicious users to circumvent the security mechanism that separates website data according to its origin.