INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Apple Fixes WebKit Vulnerability with Background Security Update
2026-03-18 11:19 CRITICAL LOW
Executive Summary AI-generated
The WebKit vulnerability, tracked as CVE-2026-20643, has been patched by Apple. This patch installs on top of versions 26.3.1/26.3.2 and not as a separate full OS version. For iOS users, the latest software update can be checked in Settings > General > Software Update. The vulnerability allows malicious websites to pretend to be another site you trust and access your data. Apple has released Background Security Improvements to patch this flaw, which are only available on the latest OS branch (26.x) and apply silently in the background if running the latest version.
Technical Mitigations AI-generated
* Enable Automatic Updates: On Macs running macOS Tahoe (26.3.+), check whether the Background Security Improvements option is enabled by going to System Settings > Privacy & Security, then scrolling down and clicking "Background Security Improvements". If it's off, the Mac won't get these security improvements until a later full update.
* Install Background Security Improvements: On Macs running macOS Tahoe (26.3.+), click Apple menu > System Settings > Privacy & Security, then scroll down and click "Background Security Improvements". Make sure Automatically Install is turned on.
* Check for iOS and iPadOS Updates: On iPhones and iPads running iOS 26.3.+ or later, look for the Background Security Improvements toggle under Privacy & Security > Background Security Improvements.
* Verify macOS Version: On Macs running macOS Tahoe (26.3.+), verify the OS version by opening About This Mac from the upper-left corner of the screen and looking for the macOS name and version number. Clicking the version number shows the build number.
* Check for Software Updates: On iOS devices running iOS 26.3.+ or later, check whether the device is up to date by going to Settings > General > Software Update.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2023-43010
CVE-2026-20643
CVE-2026-20700
CVE-2024-23222
CVE-2023-41974
CVE-2023-43000
Target & Sectors
Global Scope
Incident Timeline
2026-03-11
Threat actors used Apple's WebKit software to target iPhone devices and exploit four previously unknown security vulnerabilities (CVE-2023-43010, CVE-2023-43000, CVE-2023-41974, and CVE-2024-23222).
Last week, the iPhone maker also expanded patches for four security flaws (CVE-2023-43010, CVE-2023-43000, CVE-2023-41974, and CVE-2024-23222) that were weaponized as part of the Coruna exploit kit.
Mar 18, 2026
Threat actors exploited a previously unknown WebKit bug to gain unauthorized access to targeted websites.
18, 2026
Threat actors exploited a previously unknown vulnerability in WebKit, allowing sites to access user data on affected iOS, iPadOS, and macOS devices.
Ravie Lakshmanan
Mar 18, 2026
Vulnerability / Zero-Day
Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS.
2026-03-18
Apple released a Background Security Improvement to patch a WebKit vulnerability that could allow malicious websites to bypass browser protections and access data from other sites.
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS.
The flaw affects iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2.
It has been addressed with improved input validation in iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a), and macOS 26.3.2 (a).
The feature is supported and enabled for future releases starting with iOS 26.1, iPadOS 26.1, and macOS 26.
Viewed in that light, the feature is analogous to Rapid Security Response, which it introduced in iOS 16 as a way to install minor security updates.
"If a Background Security Improvement has been applied, and you choose to remove it, your device reverts to the baseline software update (for example, iOS 26.3) with no Background Security Improvements applied," Apple noted in a help document.
The development comes little over a month after Apple issued fixes for an actively exploited zero-day impacting iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS (CVE-2026-20700, CVSS score: 7.8) that could result in arbitrary code execution.
The vulnerability was discovered by security researcher Thomas Espach, with the new update available on iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2.
Background Security Improvements feature
Apple added the feature in iOS 26.1, iPadOS 26.1, and macOS 26.1, stating it was to be used to quickly patch security flaws between releases.
Apple warns that uninstalling a Background Security Improvements update removes all previously applied background patches, reverting the device to the baseline OS version (such as iOS 26.3.1) without any of the incremental security fixes.
WebKit vulnerabilities refer to security flaws in Apple’s web rendering engine, which powers Safari, Mail, and the App Store on iOS and macOS.
For iOS and iPadOS users, you can check if you’re using the latest software version by going to Settings > General > Software Update.
The information shown there includes the macOS name and version number.
Apple has released a Background Security Improvement to patch a flaw that could allow malicious websites to bypass browser protections and access data from other sites.
What to do
This patch for a WebKit vulnerability, tracked as CVE-2026-20643, installs on top of versions 26.3.1/26.3.2 and not as a separate full OS version.
After the update, your OS version should show 26.3.1 (a), except for MacBook Neos which should be at 26.3.2 (a).
Apple pushes first Background Security Improvements update to fix WebKit flaw.
Apple patches WebKit bug that could let sites access your data.
Apple notes that Background Security Improvements are meant for delivering lightweight security releases for components such as the Safari browser, WebKit framework stack, and other system libraries through smaller, ongoing security patches rather than issuing them as part of larger software updates.
Background Security Improvements are only available on the latest OS branch (26.x) and apply silently in the background if you’re on the latest version.
Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade.
The CVE-2026-20643 flaw allows malicious web content to bypass the browser's Same Origin Policy.
On iPhone and iPad:
Go to Settings, then tap Privacy & Security.
For iPhone and iPad users, this setting can be found under Privacy & Security, where you can scroll down and look for the Background Security Improvements toggle.
Then click Privacy & Security.
Apple says the flaw is a cross-origin issue in the Navigation API that was addressed with improved input validation.
This Background Security Improvement is only available for Mac users running Tahoe 26.3.1 and MacBook Neo users running 26.3.2.
All users have to do is to check if they have the Background Security Improvements option set to enabled.
In the sidebar, click Privacy & Security.
Scroll down on the right and click Background Security Improvements.
If it’s off, the Mac won’t get Background Security Improvements until the fixes are rolled into a later full update.
Intelligence Sources
* The Hacker News, 2026-03-18
* BleepingComputer, 2026-03-18
* Malwarebytes, 2026-03-18
Incident Version History
CURRENT VERSION
Last Updated: 2026-04-27T11:04
Comprehensive Tactical Telemetry
Highly Correlated Entities
* 28x organisation (Identified Entity): Apple Fixes
* 7x timeline (Temporal Reference): Mar 18, 2026
* 6x vulnerability (Exploited CVE): CVE-2026-20643
* 4x infrastructure (Software Version): 26.1
* 3x infrastructure (Affected Product): Ios
* 2x tactic (MITRE ATT&CK Technique): T1588.001 - Malware
Contextual Telemetry
Context Block: 7 METRICS
* infrastructure: Ipados, 26
* general metric: Score, 8
* general metric: Update, 20,643
* general metric: Macos, 26
* general metric: Red Report, 2,026
* general metric: Malicious Samples, 1,100,000
* general metric: Top Techniques, 10