Apple releases lightweight security fix for iOS 26.1 and later
Apple has released its first “background security improvement” update, addressing a security vulnerability in the Safari web browser across iPhones, iPads, and Macs. The update, based on a security advisory, aims to mitigate a bug in WebKit, the engine that powers Safari, which could potentially allow malicious websites to access data from other websites within the same browser session.
The introduction of these background security improvements represents a shift in how Apple addresses security vulnerabilities. These updates are described as “lightweight” and occur between major software updates, delivering essential security fixes to users promptly. The latest updates are available for devices running iOS, iPadOS, and macOS version 26.1 and higher, and may include critical patches for components like Safari, the WebKit engine, and other system libraries.
Apple has not provided an explanation for the urgency in addressing this specific bug. The new update required only a brief device restart, in contrast to the longer reboot typically needed for more extensive software updates. Prior to this release, Apple conducted trials with software testers to test the effectiveness of this background security feature.