There Are a Billion More Reasons to Upgrade to iOS 13

Darkweb Hacker Holding iPhone Credit: Tero Vesalainen / Shutterstock

If all of the shiny new features in iOS 13 and even the rapid release of the more stable iOS 13.1 haven’t been enough to convince you to upgrade your iPhone or iPad to Apple’s latest mobile operating system, you may want to consider the security risks you’ll still be facing by remaining on an older iOS version.

We sympathize with those who wait to update when new iOS versions come out. After all, why risk problems on an iPhone that seems to be working properly just to gain some new features that you may or may not care about? And of course, Apple’s initial release of iOS 13.0 pretty much helped confirm that belief for many people.

Buried underneath all of the gloss and glamour of new iPhone features, however, each iOS update offers security fixes that are far more critical to keep you and your information safe. They may not be exciting, but they’re even more important than things like Dark Mode and Memoji Stickers, as many recent reports have already shown.

Billions and Billions Served

We’ve already seen enough reports of iMessage exploits over the past few months, not to mention the discovery that malicious websites were taking advantage of unpatched vulnerabilities in older iOS versions, but now it turns out that a vulnerability in WebKit and Blink, the engines that power Safari and Chrome, has allowed scammers to serve over a billion nasty pop-up ads through compromised websites.

According to the ad security company Confiant, a group of scammers behind the threat actor “eGobbler” has managed to figure out how to take advantage of “obscure browser bugs” in both Safari and Chrome that bypass the security restrictions that would normally block pop-up ads and forced redirections to other sites.

Dubbed “malvertising,” eGobbler and threats like it rely on getting malicious ads inserted into mainstream advertising networks like Google that are used by popular websites. Once a scam ad manages to infiltrate the advertising network, it can easily pop up on thousands of websites simultaneously before it’s discovered and taken down.

It’s not uncommon for their campaigns to compromise up to hundreds of millions of programmatic ad impressions in a matter of hours and the impact from their ongoing activity is felt across the United States and Europe.

Confiant

This not only becomes a headache for users, who find their browsing experience rudely interrupted, but it’s a big problem for websites too, which can find their reputations damaged as users visiting those sites naturally assume that it’s the website itself that’s chosen to show them a scammy ad and hijack their browser.

The problem is that while Safari offers several security features that will prevent these kinds of pop-ups from appearing, over the past six months hackers have found holes in Safari’s security that allowed them to bypass these. So in other words, even if you have “Block Pop-ups” disabled (which is the default), these “malvertisers” have found a way to force their pop-ups through to you.

Confiant first discovered the bug in Google’s Chrome browser, and then later discovered it in Safari, reporting them to both Apple and Google back in early August. Apple has patched the vulnerabilities in iOS 13 and Safari 13.0.1, but if you haven’t updated, you’re still going to be vulnerable to this one, and there’s no indication that it’s yet been fixed in the iOS 12.4.2 security update that came out last month.
