WebKit Vulnerability - Apple Addresses Same-Origin Policy Bypass
In short, Apple fixed a security hole that could let malicious websites access your private data.
Apple has addressed a serious WebKit vulnerability that could allow attackers to bypass security measures on iOS and macOS. Users must update their devices to protect sensitive data. This fix is part of Apple's ongoing commitment to user security.
The Flaw
Apple recently released a series of Background Security Improvements to address a significant vulnerability in WebKit, affecting iOS, iPadOS, and macOS. This vulnerability, identified as CVE-2026-20643, is a cross-origin issue within WebKit's Navigation API. It allows maliciously crafted web content to bypass the same-origin policy, which is a critical security measure that prevents web pages from accessing data from different origins.
This flaw has been categorized as high severity due to its potential to expose sensitive user data. The affected versions include iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Apple has implemented improved input validation to mitigate this risk, ensuring that users are better protected against such exploits.
What's at Risk
The implications of this vulnerability are serious. By bypassing the same-origin policy, attackers could potentially access sensitive information stored in web applications. This includes cookies, session tokens, and other private data that are typically safeguarded by this policy. If exploited, users could face data theft or unauthorized actions taken on their behalf.
Security researcher Thomas Espach discovered and reported this vulnerability, highlighting the importance of community vigilance in identifying security flaws. Apple’s rapid response to patch this flaw demonstrates its commitment to user security, but it also underscores the ongoing risks associated with web technologies.
Patch Status
Apple's Background Security Improvements are designed to deliver timely security updates without the need for larger software releases. Users are encouraged to enable the Automatically Install option in their settings to ensure they receive these critical updates as soon as they are available.
For those who prefer manual updates, it’s crucial to check for new software versions regularly. If a Background Security Improvement is applied and later removed, devices revert to the baseline software version, which does not include the latest protections. This feature is similar to Apple’s Rapid Security Response, introduced to streamline security enhancements.
Immediate Actions
To protect yourself from this vulnerability, update your devices to the latest versions as soon as possible. The steps are:
- Navigate to the Settings app on your device.
- Ensure that the Automatically Install option for updates is enabled.
- Regularly check for updates and install them promptly.
By taking these actions, you can significantly reduce your risk of falling victim to exploits that leverage this vulnerability. Staying informed about security updates is a vital part of maintaining your digital safety.
The Hacker News