Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026–20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade.

The CVE-2026–20643 flaw allows malicious web content to bypass the browser’s Same Origin Policy.

Apple says the flaw is a cross-origin issue in the Navigation API that was addressed with improved input validation.