{"id":51264,"date":"2026-03-17T14:42:32","date_gmt":"2026-03-17T18:42:32","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=51264"},"modified":"2026-03-30T13:34:14","modified_gmt":"2026-03-30T17:34:14","slug":"macos-26-3-1-a","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2026\/03\/17\/macos-26-3-1-a\/","title":{"rendered":"macOS 26.3.1 (a)"},"content":{"rendered":"<p><a href=\"https:\/\/eclecticlight.co\/2026\/03\/17\/apple-has-just-released-the-first-background-security-improvement-for-macos-tahoe\/\">Howard Oakley<\/a>:<\/p>\n<blockquote cite=\"https:\/\/eclecticlight.co\/2026\/03\/17\/apple-has-just-released-the-first-background-security-improvement-for-macos-tahoe\/\">\n<p>Apple has just released its first public Background Security Improvement (BSI) for macOS 26.3.1 Tahoe, labelled as BSI (a)-25D771280a.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/support.apple.com\/en-us\/126604\">Apple<\/a>:<\/p>\n<blockquote cite=\"https:\/\/support.apple.com\/en-us\/126604\">\n<p>Available for: iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, macOS 26.3.2<\/p>\n<p>Impact: Processing maliciously crafted web content may bypass Same Origin Policy<\/p>\n<p>Description: A cross-origin issue in the Navigation API was addressed with improved input validation.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/x.com\/ClassicII_MrMac\/status\/2033977281157226764\">Mr. Macintosh<\/a>:<\/p>\n<blockquote cite=\"https:\/\/x.com\/ClassicII_MrMac\/status\/2033977281157226764\">\n<p>This update will NOT show up in Software update. It will only display in System Settings &gt; BSI Updates.<\/p>\n<\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2026\/03\/05\/macos-26-3-1\/\">macOS 26.3.1<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2025\/09\/23\/rapid-security-responses-become-background-security-improvements\/\">Rapid Security Responses Become Background Security Improvements<\/a><\/li>\n<\/ul>\n\n<p id=\"macos-26-3-1-a-update-2026-03-19\">Update (<a href=\"#macos-26-3-1-a-update-2026-03-19\">2026-03-19<\/a>): <a href=\"https:\/\/www.macrumors.com\/2026\/03\/17\/security-update-ios-26-3-1\/\">Juli Clover<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.macrumors.com\/2026\/03\/17\/security-update-ios-26-3-1\/\">\n<p>Background Security Improvements can be installed in the Privacy and Security section of the Settings app. Scroll down, and then select the Install option to install the update. If Automatically Install is toggled on, BSIs will be automatically installed when they come out.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/mastodon.social\/@lapcatsoftware\/116251282977954350\">Jeff Johnson<\/a>:<\/p>\n<blockquote cite=\"https:\/\/mastodon.social\/@lapcatsoftware\/116251282977954350\">\n<p>In order to install the available Background Security Improvement, you have to enable automatic installation.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/www.macintouch.com\/posts\/50459#more-50459\">Ric Ford<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.macintouch.com\/posts\/50459#more-50459\">\n<p><em>Automatically Install<\/em> was enabled, but the update had not been performed. There was an &ldquo;install&rdquo; link, which we selected &#x2013; it then took a long time to download and eventually forced a restart of the iPhone.<\/p>\n<p>Going back to Settings &gt; Privacy and Security &gt; [scroll down pages] Background Security Improvements showed the updated version. Touching a tiny &ldquo;i&rdquo; icon pops up the option of removing these security patches<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/tidbits.com\/2026\/03\/17\/apple-relaunches-background-security-improvements-with-webkit-patch\/\">Adam Engst<\/a>:<\/p>\n<blockquote cite=\"https:\/\/tidbits.com\/2026\/03\/17\/apple-relaunches-background-security-improvements-with-webkit-patch\/\">\n<p>Apple says Background Security Improvements that update only Safari on the Mac will require just a Safari relaunch, not a full restart. However, this update does require a restart&mdash;and on the Mac, it doesn&rsquo;t prompt you first as it does in iOS. It felt surprisingly abrupt after the relatively slow downloading phase.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/eclecticlight.co\/2026\/03\/19\/what-is-a-background-security-improvement-and-how-does-it-work\/\">Howard Oakley<\/a>:<\/p>\n<blockquote cite=\"https:\/\/eclecticlight.co\/2026\/03\/19\/what-is-a-background-security-improvement-and-how-does-it-work\/\">\n<p>If you know a BSI is available but Privacy &amp; Security settings appear unable to find it, something I&rsquo;ve encountered in Virtual Machines, try running SilentKnight. Although BSIs aren&rsquo;t controlled in Software Update, they do still use the same <code>softwareupdate<\/code> system used by SilentKnight. Normally you shouldn&rsquo;t try to install BSIs using SilentKnight, as installation will fail. However, you can turn this to your advantage when a BSI is being elusive.<\/p>\n<p>[&#8230;]<\/p>\n<p>Most telling, though, are the accounts of RSRs and BSIs given in Apple&rsquo;s <em>Platform Security Guide,<\/em> which are almost word-for-word identical apart from their names. It seems most likely that a BSI is a rebranded RSR in a bid to move on from the loss of confidence in RSRs following unfortunate errors nearly three years ago.<\/p>\n<\/blockquote>\n\n<p id=\"macos-26-3-1-a-update-2026-03-26\">Update (<a href=\"#macos-26-3-1-a-update-2026-03-26\">2026-03-26<\/a>): <a href=\"https:\/\/eclecticlight.co\/2026\/03\/22\/last-week-on-my-mac-brilliant-engineering-in-a-flawed-interface\/\">Howard Oakley<\/a>:<\/p>\n<blockquote cite=\"https:\/\/eclecticlight.co\/2026\/03\/22\/last-week-on-my-mac-brilliant-engineering-in-a-flawed-interface\/\">\n<p>Now I&rsquo;ve had a chance to give <a href=\"https:\/\/eclecticlight.co\/2026\/03\/19\/what-is-a-background-security-improvement-and-how-does-it-work\/\">a fair account<\/a> of the first public BSI, I can consider what&rsquo;s wrong with their current implementation.<\/p>\n<\/blockquote>\n\n<p id=\"macos-26-3-1-a-update-2026-03-30\">Update (<a href=\"#macos-26-3-1-a-update-2026-03-30\">2026-03-30<\/a>): <a href=\"https:\/\/blog.calif.io\/p\/reverse-engineering-apples-silent\">Khanh<\/a>:<\/p>\n<blockquote cite=\"https:\/\/blog.calif.io\/p\/reverse-engineering-apples-silent\">\n<p>This post walks through how BSI updates work under the hood. More importantly, it shows what Apple actually shipped: one publicly disclosed WebKit CVE, and at least two additional security-relevant changes that didn&rsquo;t make it into the advisory.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Howard Oakley: Apple has just released its first public Background Security Improvement (BSI) for macOS 26.3.1 Tahoe, labelled as BSI (a)-25D771280a. Apple: Available for: iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, macOS 26.3.2 Impact: Processing maliciously crafted web content may bypass Same Origin Policy Description: A cross-origin issue in the Navigation API was addressed with improved [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2026-03-17T18:42:36Z","apple_news_api_id":"6572f7b7-d784-4c4d-9442-c2e2a5ef5650","apple_news_api_modified_at":"2026-03-30T17:34:17Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAABQ==","apple_news_api_share_url":"https:\/\/apple.news\/AZXL3t9eETE2UQsLipe9WUA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[2842,30,2303,2742,48,2087,328],"class_list":["post-51264","post","type-post","status-publish","format-standard","hentry","category-technology","tag-background-security-improvements","tag-mac","tag-macos-release","tag-macos-tahoe-26","tag-security","tag-software-update","tag-webkit"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/51264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=51264"}],"version-history":[{"count":7,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/51264\/revisions"}],"predecessor-version":[{"id":51408,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/51264\/revisions\/51408"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=51264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=51264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=51264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}