Apple Quietly Patches a Critical iPhone Security Flaw in iOS 26.3.1
Apple rolled out iOS 26.3.1 (a), its inaugural Background Security Improvement, on Tuesday, March 17. The company confirmed the update patches a vulnerability in WebKit — the rendering engine underpinning Safari and all third-party browsers on iOS, which by Apple's platform policy are required to use it.
If you've enabled automatic installation of Background Security Improvements, your iPhone will handle this silently in the background — no action required. If automatic installs are turned off, or you simply want to verify the patch is in place, navigate to Settings > Privacy & Security > Background Security Improvements. Your device will either confirm that iOS 26.3.1 (a) is already installed or present you with the option to apply it manually.
Apple typically flags when a security update addresses a flaw that has been actively exploited in the wild — a disclosure practice that helps users gauge urgency. The company stopped short of making that designation here, but still recommends all users install the update promptly, which itself signals the patch warrants attention.
Background Security Improvements debuted in November alongside the release of iOS 26.1. The mechanism is designed to deliver targeted, low-footprint security patches outside of full OS update cycles. "Background Security Improvements deliver lightweight security releases for components such as the Safari browser, WebKit framework stack, and other system libraries," Apple explained in its support documentation. The approach reflects a broader industry shift toward more granular, continuous patching rather than bundling fixes into infrequent major releases.
The delivery model is a clear echo of the Rapid Security Responses Apple introduced in 2023 — a mechanism built for the same purpose of pushing targeted fixes to devices quickly, and one that shares the same lettered-suffix naming convention. That program, however, appears to have been quietly retired; Apple has not issued a Rapid Security Response since iOS 16.5.1 (c) in July 2023, making Background Security Improvements look very much like its successor.
Apple has not responded to requests for comment on the relationship between the two programs.