Apple has released a new security update to address a critical WebKit vulnerability tracked as CVE-2026-20643. The vulnerability was identified as a cross-origin issue within the Navigation API of WebKit, the browser engine that underpins Safari and other web-based functionality across iOS, iPadOS, and macOS.  

The flaw could allow maliciously crafted web content to bypass the Same Origin Policy, a fundamental security control that prevents unauthorized data access between websites. 

Apple addressed this issue through improved input validation. The fix was released as part of Background Security Improvements for: 

iOS 26.3.1 (a)  iPadOS 26.3.1 (a)  macOS 26.3.1 (a)  macOS 26.3.2 (a)  T...