TL;DR

Apple patched a security flaw in WebKit's Navigation API that allowed attackers to bypass the Same-Origin Policy on iOS and macOS.

What happened

  • WebKit vulnerability enabling Same-Origin Policy bypass
  • Tracked as CVE-2026-20643

Why it matters for ops

  • Potential exploitation of web content to access sensitive data
  • Same-Origin Policy circumvention for privilege escalation

Mitigation

  • Apply Background Security Improvements immediately
  • Monitor network traffic for unusual activity

Action items

  • Update WebKit to the latest version
  • Review security configurations related to Same-Origin Policy

Detection IOCs

  • Maliciously crafted web content interaction
  • Unexpected cross-origin requests

Source link

https://thehackernews.com/2026/03/apple-fixes-webkit-vulnerability.html