iOS 10.3 Patches Safari Ransomware Vulnerability
Image via Apple
Toggle Dark Mode
It appears that an iOS Safari-based ransomware campaign — formerly exploited by a group of nefarious actors looking to cash in at the expense of unsuspecting iOS users — has been patched thanks to Apple’s recently released iOS 10.3 software update.
The former vulnerability, which sought to manipulate the way Apple’s iOS-based Safari browser regulated JavaScript pop-up windows, was primarily exploited by odious scammers who largely targeted visitors of pornographic websites, tried to download bootlegged music, and other sketchy content on their iPhone or iPad, according to ArsTechnica.
Mobile security firm Lookout explained that the ransomware campaign was essentially a form of “scareware,” which, from as far back as iOS 10.2, would enable scammers to overtake the Safari browser by initiating a swarm of incessant pop-up pages and messages — often increasing in both presence and threatening nature — until unknowing users ultimately paid “a fee” — generally in the form of an iTunes gift-card that they would be asked to deliver to an unknown phone number via text.
Lookout reported that scammers had become increasingly crafty in their attempts to exploit the vulnerability, often carrying out attacks on innocent users from domains like “pay-police (dot) com” in order to masquerade themselves as being legitimate law enforcement authorities.
These domains would generally project an image of legitimacy, oftentimes boasting professional-looking published content so as to appear as viable properties on the web — however, in the grand scheme of things, their principal intent was to trick oblivious iOS users into purchasing iTunes gift-cards, which the tricksters would request be sent to a phone number associated with the illegitimate domain.
“The attackers effectively used fear as a factor to get what they wanted before the victim realized that there was little actual risk,” wrote Lookout researchers Andrew Blaich and Jeremy Richards in their ‘scareware’ report.
Essentially, the pop-ups would appear onscreen as a “continuous loop,” according to Lookout, meaning that new pages and notifications would appear reading “Cannot Open Page” — but would only continue to appear as users persisted to click OK from the pop-up box, believing that they’d eventually get out of the crosshairs.
The vulnerability was first discovered last month by Lookout, who subsequently shared the details of the so-called “scareware campaign” with Apple. The Cupertino-company then issued a minor fix shortly thereafter, which supposedly rendered JavaScript pop-ups “per tab” as opposed to an “app-wide” event. However, iOS 10.3, among a number of neat enhancements, appears to have indefinitely thwarted these egregious scammers dead in their tracks.
