You Should Enable This New Security Update Feature on Your IPhone and Mac.
Security updates aren’t as flashy or exciting as feature updates, but installing them is just as, if not more, important. They include fixes for vulnerabilities in your device’s operating system that could leave you vulnerable to hacking. By fixing these vulnerabilities as quickly as possible, you reduce the risk to your device and its data.
Traditionally, Apple has mostly tied security updates to overall software releases, both major and minor. Instead of releasing iOS 26 and the subsequent security update, Apple simply bundles them together. Even if you can’t (or don’t want to) update to the latest iOS version, Apple will include the most important fixes in new updates for older versions of iOS (such as iOS 18.7.6 or iOS 15.8.7). But in recent years, the company has experimented with separate security update releases, especially for critical fixes. They started with “Rapid Security Responses,” which were updates specifically labeled as such, such as iOS Security Response 16.4.1(a). I thought this was a great idea, especially considering that other platforms like Android and Windows already do this for their users.
While this seemed like a good idea, Apple hasn’t released such updates in a long time. Instead, the company has largely returned to releasing security updates alongside regular software updates, regardless of whether they contain any new features. Now, it appears the company is trying a new type of security update—a rather stealthy one, it must be said.
Apple’s background security improvements are a new type of security update.
Originally announced alongside iOS 26.1, iPadOS 26.1, and macOS 26.1, Apple’s security updates now include “background security improvements.” The company describes these as “lightweight security updates” for components like Safari, WebKit (the framework Safari is built on), and other system libraries. As with rapid security fixes, the idea is to release smaller patches between software updates. This means Apple doesn’t need to release iOS 26.3.2 to update Safari; you can stay on iOS 26.3.1 and still update Safari with the appropriate patch.
In fact, this feature received its first update just this week. On Tuesday, Apple released version 26.3.1(a) for iOS, iPad, and macOS. (There’s also a version of macOS 26.3.2(a) for MacBook Neos running macOS 26.3.2.) This update fixes a WebKit vulnerability that allowed attackers to bypass the Same Origin Policy if you clicked malicious links. The Same Origin Policy typically prevents malicious sites from accessing other sites you might have open. For example, if you open a malicious site, the Same Origin Policy should prevent access to your Gmail inbox opened in another tab. But this vulnerability allowed attackers to bypass this restriction.
This update is available for all Apple devices running the latest versions of Apple operating systems, but you won’t find it in the software update settings. This isn’t because it’s still being distributed; you need to ensure the “Background security enhancements” feature is enabled to access these new security updates.
How to enable background security enhancements
On your Apple device, open Settings (System Preferences on macOS), then go to Privacy & Security . Scroll down and select Background Security Enhancements . Make sure Automatic Install is enabled. If so, the update should install automatically, but it’s unclear when this will happen.
You can also install the update manually. Under this toggle, you’ll see the latest “Background security improvements” update. Select “Install,” enter your password, and your device will begin downloading the update. When it’s ready, you can tap “Restart and install.”