The severity is HIGH due to the potential for cross-origin attacks via malicious web content, which could lead to unauthorized access or information disclosure. The real-world exploitability is moderate as it requires specific user interaction with compromised websites.
Apple's Background Security Improvements feature delivers lightweight security fixes for components like Safari, WebKit, and system libraries. The first fix targets CVE-2026-20643, a cross-origin bug in WebKit that could be exploited through malicious web content. Users should ensure the 'Automatically Install' option is turned on to benefit from these protections.
Affected Systems
- iOS
- iPadOS
- macOS
Affected Versions: All versions up to but not including the updates iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a), and macOS 26.3.2 (a)
Remediation
- Ensure Background Security Improvements are enabled by going to Settings > Privacy & Security and turning on 'Automatically Install'
- Update to the latest versions: iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a), or macOS 26.3.2 (a)
Stack Impact
WebKit Safari