Volerion logoVolerion
Volerion logoVolerion

Apple WebKit Cross-Origin Navigation API Vulnerability Bypassing Same Origin Policy

Vulnerability

A cross-origin vulnerability in the Navigation API of WebKit has been identified, allowing maliciously crafted web content to bypass the Same Origin Policy. This issue affects multiple Apple operating systems, including iOS, iPadOS, and macOS, all in version 26.3.1 or 26.3.2. The vulnerability was addressed with improved input validation.

Impact

Exploitation of this vulnerability could lead to a cross-origin issue, allowing web content to bypass the Same Origin Policy, which could be exploited to access or manipulate data from another origin.

Remediation

Users can update to the latest versions of iOS, iPadOS, and macOS to address this vulnerability. The specific versions to update to are iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2.

Added: Mar 17, 2026, 11:28 PM
Updated: Mar 17, 2026, 11:28 PM

Vulnerability Rating

Custom Algorithm
spread
8.4
impact
3.5
exploitability
4.4
remediation
7.7
relevance
4.0
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.