Apple pushes silent security fixes

Apple shipped iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a) and macOS 26.3.2 (a) to address a WebKit Navigation API cross‑origin input‑validation bug tracked as CVE‑2026‑20643 and logged in Bugzilla 306050, with Apple’s advisory published March 17, 2026. (support.apple.com) Background Security Improvements are described by Apple as lightweight, out‑of‑band fixes for components such as Safari and the WebKit framework and were introduced beginning with iOS 26.1 and macOS 26.1. (support.apple.com) On macOS, Apple’s BSI model lets Safari‑focused patches take effect as soon as the browser is relaunched (no full OS reseal or restart required), and the mechanism uses cryptexes and Image4 manifests to deliver component‑level binary patches. (support.apple.com) Google’s Threat Intelligence Group says the exploit chain named DarkSword has been observed since at least November 2025, was reported to Apple in late 2025, and has been reused by multiple commercial surveillance vendors and suspected state‑sponsored actors including UNC6353. (cloud.google.com) Analysis from multiple labs shows DarkSword strings together six distinct vulnerabilities—including three zero‑days—and targets iOS 18.4–18.7 to deliver infostealers that extract credentials and cryptocurrency‑wallet data. (thehackernews.com) (bleepingcomputer.com) GTIG’s timeline and Apple’s March 17, 2026 advisory together indicate some DarkSword flaws were disclosed to Apple months earlier but required staged rolling patches, underscoring a disclosure‑to‑patch window that platform, WebKit, and firmware teams will need to coordinate tightly to compress in future incidents. (cloud.google.com) (support.apple.com)