![]() |
JavaScript-Based Safari Ransomware Exploit *****ed in iOS 10.3
iOS 10.3, released to the public this morning, fixes a bug that allowed scammers to attempt to extort money from iOS users through a JavaScript pop-up in Safari.
As explained by mobile security firm Lookout (via Ars Technica), the scammers targeted iOS users viewing ****ographic material and abused JavaScript pop-ups to create an endless pop-up loop that essentially locked the browser if the user didn't k**w how to bypass it. http://cdn.macrumors.com/article-new...omwarescam.jpg Using "scareware" messages and posing as law enforcement, the scammers used the pop-ups to extort money in the form of iTunes gift cards from the victim, promising to unlock the browser for a sum of money. The scammers abused the handling of pop-ups in Mobile Safari in such a way that a person would be "locked" out from using Safari unless they paid a fee -- or knew they could simply clear Safari's cache (see next section). The attack was contained within the app sandbox of the Safari browser; ** exploit code was used in this campaign, unlike an advanced attack like Pegasus that breaks out of the app sandbox to install malware on the device.The endless pop-up issue could be fixed by clearing the Safari cache, but many users likely did **t k**w they didn't need to shell out money to regain access to their browsers. Pop-up scams are ** longer possible with iOS 10.3, as Apple has changed the way pop-up dialogs work. Pop-ups are **w per-tab and ** longer take over the entire Safari app. Related Roundup: iOS 10 Discuss this article in our forums http://feeds.feedburner.com/~ff/MacR...?d=6W8y8wAjSf4 http://feeds.feedburner.com/~ff/MacR...?d=qj6IDK7rITs http://feeds.feedburner.com/~r/MacRu...~4/8B6ErolmJlE أكثر... |
| الساعة الآن 09:05 AM |
Powered by vBulletin® Copyright ©2000 - 2026, Jelsoft Enterprises Ltd. TranZ By
Almuhajir