[CIVN-2026-0149] Security Bypass Vulnerability in Apple Products

Published On: March 22, 2026



Security Bypass Vulnerability in Apple Products


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: HIGH


Software Affected


Apple iOS and iPadOS versions prior to 26.3.1

Apple macOS versions prior to 26.3.1

Apple macOS versions prior to 26.3.2

Overview


A vulnerability has been reported in Apple products which could be exploited by an attacker to bypass the Same Origin Policy on the targeted system.


Target Audience:

All end-user organizations and individuals using Apple products.


Risk Assessment:

High risk of unauthorized cross-origin data access.


Impact Assessment:

Potential for access to sensitive data.


Description


iOS, iPadOS, and macOS are operating systems developed by Apple Inc. to run iPhones, iPads, and Mac computers respectively.


This vulnerability exists in the WebKit component of Apple products due to improper validation in its Navigation API. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted webpage, resulting in a bypass of the Same Origin Policy.


Successful exploitation of this vulnerability could lead to unauthorized cross-origin data access and potential disclosure of sensitive information.


Solution


Apply appropriate security updates as mentioned in the Apple Security Updates:

https://support.apple.com/en-us/126604
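
An added example, not part of the CERT-In advisory: a Python sketch that triages a device inventory against the versions listed under Software Affected. The inventory format, the hostnames and the "verify" status for macOS builds that fall between the two listed macOS thresholds are assumptions.

```python
import re

# Thresholds copied from "Software Affected" in this advisory.
# Assumption: the advisory lists two macOS thresholds without saying which
# builds each applies to, so versions between them are reported as "verify".
FIXED = {
    "ios": [(26, 3, 1)],
    "ipados": [(26, 3, 1)],
    "macos": [(26, 3, 1), (26, 3, 2)],
}

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not N[.N[.N]]."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())

def triage(platform, version):
    """Classify one device as affected, verify, patched or unknown."""
    limits = FIXED.get(platform.strip().lower())
    parsed = parse_version(version)
    if limits is None or parsed is None:
        return "unknown"      # unlisted platform or unparseable version
    if parsed < limits[0]:
        return "affected"     # below every listed threshold
    if parsed < limits[-1]:
        return "verify"       # between thresholds: check Apple's notes
    return "patched"

# Constructed sample inventory: hostname,platform,os_version
SAMPLE = """\
mac-fin-01,macOS,26.3
mac-dev-07,macOS,26.3.1
mac-ops-02,macOS,26.3.2
iphone-114,iOS,26.2.1
ipad-022,iPadOS,26.3.1
kiosk-9,macOS,unknown
"""

def triage_inventory(csv_text):
    """Map each hostname in the inventory to its triage status."""
    results = {}
    for line in filter(str.strip, csv_text.splitlines()):
        host, platform, version = (f.strip() for f in line.split(",", 2))
        results[host] = triage(platform, version)
    return results

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:12} {status}")
```
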



Vendor Information


Apple

https://support.apple.com/en-us/126604


References


 

https://support.apple.com/en-us/126604


CVE Name

CVE-2026-20643


 






Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

