嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内。首先,我需要仔细阅读文章,理解其主要内容。 文章主要讲的是苹果公司发布了第一个Background Security Improvements更新,修复了一个WebKit漏洞CVE-2026-20643。这个漏洞允许恶意网页内容绕过浏览器的同源策略。苹果通过改进输入验证解决了这个问题,并且这是他们第一次使用Background Security Improvements功能来推送安全补丁,而不需要用户升级整个操作系统。 接下来,我需要将这些信息浓缩到一百个字以内。要抓住关键点:苹果修复了WebKit漏洞,通过Background Security Improvements功能推送补丁,无需系统升级。同时提到这个漏洞允许恶意内容绕过同源策略。 可能的结构是:苹果发布首个背景安全更新修复WebKit漏洞CVE-2026-20643,无需系统升级;该漏洞使恶意内容绕过同源策略。 检查一下字数是否在限制内,并确保信息准确无误。 </think> 苹果发布首个背景安全更新修复WebKit漏洞CVE-2026-20643,无需系统升级;该漏洞使恶意内容绕过同源策略。 2026-3-18 01:15:17 Author: www.bleepingcomputer.com(查看原文) 阅读量:8 收藏
Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade.
The CVE-2026-20643 flaw allows malicious web content to bypass the browser's Same Origin Policy.
Apple says the flaw is a cross-origin issue in the Navigation API that was addressed with improved input validation.
The vulnerability was discovered by security researcher Thomas Espach, with the new update available on iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2.
This release is the first time Apple has pushed a security fix through its new Background Security Improvements feature, which is used to deliver small out-of-band patches outside the normal security update cycle.
"Background Security Improvements deliver lightweight security releases for components such as the Safari browser, WebKit framework stack, and other system libraries that benefit from smaller, ongoing security patches between software updates," explains Apple.
"In rare instances of compatibility issues, Background Security Improvements may be temporarily removed and then enhanced in a subsequent software update."
In the past, Apple security updates required users to install a new OS version and restart their device. However, with Background Security Improvements, Apple can now deliver small updates that are applied to specific components in the background.
Apple added the feature in iOS 26.1, iPadOS 26.1, and macOS 26.1, stating it was to be used to quickly patch security flaws between releases.
Users can access the feature through their device settings under the Privacy & Security menu.
- On iPhone and iPad: Go to Settings, then tap Privacy & Security.
- On Mac: From the Apple menu, choose System Settings. Then click Privacy & Security.
Apple warns that uninstalling a Background Security Improvements update removes all previously applied background patches, reverting the device to the baseline OS version (such as iOS 26.3.1) without any of the incremental security fixes.
This effectively removes the rapid-response security protections delivered through this feature, leaving devices at the baseline security level until the updates are reapplied or included in a future full update.
Therefore, unless a baseline security improvement causes an issue on your device, it is strongly recommended that they not be uninstalled.
Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
如有侵权请联系:admin#unsafe.sh