Apple has issued a new security update for iPhones, iPads and Macs to fix a flaw in its Safari browser that could expose user data.
In a notice released on Tuesday, the company said the issue affects WebKit, the engine that powers Safari and many other apps.
A security researcher found the flaw, which could allow a malicious website to access data from another site opened in the same browser session.
Apple said the problem has now been fixed with improved checks on how web content is handled.
The update is part of what the company calls “background security improvements”. These are smaller updates that provide fixes between full software releases. They are available on devices running the latest versions of iOS, iPadOS and macOS.
Subscribe to our Telegram channel for the latest updates.
Follow the latest developments with instant alerts on breaking news, top stories, and trending headlines.
Unlike regular updates, this one installs quickly and only requires a short restart. Apple said the feature is designed to push out urgent fixes without waiting for larger system upgrades.
The vulnerability involved a cross-origin issue in the browser’s Navigation API. If exploited, it could bypass the same-origin policy, a key security regulation that keeps data from different websites separate.
Apple did not explain how widely the flaw may have been used and also did not give further details on the discovery beyond crediting researcher Thomas Espach.
The Safari security update was released on March 17, 2026, by Apple, and applies to iOS 26.3.1, iPadOS 26.3.1 and macOS versions 26.3.1 and 26.3.2.
Apple has tested similar updates in recent months before rolling out this system globally. The company said it will continue to use background updates to address certain security issues more quickly.
