For HomeFor BusinessFor Partners
Industry News Tips and Tricks
3 min read

Apple Debuts ‘Background Security Improvements’ with Urgent WebKit Fix for iPhone and Mac – Here’s How to Enable the Feature

Filip TRUȚĂ
Filip TRUȚĂ

March 18, 2026

Apple Debuts ‘Background Security Improvements’ with Urgent WebKit Fix for iPhone and Mac – Here’s How to Enable the Feature

Apple has launched the first-ever fix through the new Background Security Improvements feature – an out-of-band avenue destined for small, standalone security fixes that don’t require an entire OS update.

Key takeaways:

  • Apple shipped its first Background Security Improvements update, enabling faster, out-of-band security patches that deliver lightweight fixes between major updates for faster protection.

  • The update fixes a WebKit flaw (CVE-2026-20643) that could bypass the browser’s Same-Origin Policy. Exploitation simply requires a visit to a rogue site.

  • The patch rolls out across iPhone, iPad, and Mac without a full OS update.

  • Users must enable automatic installation to receive these timely security patches.

Available for iPhones, iPads, and Macs

Days after patching old-generation iPhones and iPads against espionage and crypto hacks, the Cupertino tech titan is adding a new security update on iOS – the first delivered through the all-new “Background Security Improvements” channel designed for small, out-of-band fixes that don’t require an OS update.

The update, listed as iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a), macOS 26.3.2 (a), is offered through the new Background Security Improvements channel to deliver a single fix in WebKit – the web browser engine used by Safari, Mail, App Store, and many other apps across iOS and macOS.

According to the notice, a cross-origin issue in the Navigation API could let an attacker bypass the Same-Origin Policy.

In cyber speak, a cross-origin issue typically refers to a conflict between a browser's Same-Origin Policy (SOP) and a web application's need to access resources from a different domain.

A motivated attacker can exploit the weakness to rig a website, get you to access that website, and ultimately read and steal your data.

In fact, Apple’s own advisory mentions this as the standard attack vector:

Impact: Processing maliciously crafted web content may bypass Same Origin Policy
Description: A cross-origin issue in the Navigation API was addressed with improved input validation.

The issue, tracked as CVE-2026-20643, was reported to Apple by a researcher named Thomas Espach.

What Is Apple’s ‘Background Security Improvements?’

Background Security Improvements is a new feature starting with iOS 26.1, iPadOS 26.1, and macOS 26.1 designed to “deliver additional security protections between software updates,” according to Apple Support.

“Background Security Improvements deliver lightweight security releases for components such as the Safari browser, WebKit framework stack, and other system libraries that benefit from smaller, ongoing security patches between software updates,” the tech giant explains. “In rare instances of compatibility issues, Background Security Improvements may be temporarily removed and then enhanced in a subsequent software update.”

Apple says it will publish information about Background Security Improvements by date in this space, along with components patched and CVE details, when and if applicable.

How to enable ‘Background Security Improvements’ for iPhone, iPad, Mac

If you’re not yet on the bandwagon, here’s how to enable Background Security Improvements on your iPhone, iPad or Mac:

  1. Make sure your software is at least at iOS 26.1, iPadOS 26.1, or macOS 26.1 to use the feature.
  2. On iPhone and iPad: Go to Settings, then tap Privacy & Security.
  3. On Mac: From Apple menu, choose System Settings. Then click Privacy & Security.
  4. Go to Background Security Improvements and slide on “Automatically Install”

Note: According to Apple Support, if you turn off this setting, your device will not receive these improvements until they're included in a software update. Also, if a Background Security Improvement has been applied, and you remove it for one reason or another, your device will revert to the baseline software update (for example, iOS 26.3) with no Background Security Improvements applied.

Update today!

As we always note, even if you’re not a high-risk person, it’s a good idea to stay up to date with the latest security patches – you never know when you trip a wire and become a target.

As of today, you want to be on iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a), and macOS 26.3.2 (a).

For peace of mind, run an independent security solution on all your personal devices. On Apple devices, keep the trusty Lockdown Mode toggle handy if you have reason to believe hackers might target you.

You may also want to read:

Apple Patches Older iPhones Against ‘Coruna’ Hacks Used in Espionage and Crypto Theft

iOS 26.3 Fixes an Important Security Flaw Exploited in Targeted Hacker Attacks. Update Now!

AI Is Turbocharging Scams Worldwide, INTERPOL Warns

tags

Industry News Tips and Tricks

Author

Filip TRUȚĂ

Filip TRUȚĂ

Filip has 17 years of experience in technology journalism. In recent years, he has focused on cybersecurity in his role as a Security Analyst at Bitdefender.

View all posts

You might also like

Bookmarks

loader