A vulnerability was found in Apple macOS, iOS and iPadOS . It has been rated as critical . Affected is an unknown function. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is traded as CVE-2026-20643 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.