![]() |
|
#1
|
|||
|
|||
|
iOS 10.3, released to the public this morning, fixes a bug that allowed scammers to attempt to extort money from iOS users through a JavaScript pop-up in Safari.
As explained by mobile security firm Lookout (via Ars Technica), the scammers targeted iOS users viewing ****ographic material and abused JavaScript pop-ups to create an endless pop-up loop that essentially locked the browser if the user didn't k**w how to bypass it. ![]() Using "scareware" messages and posing as law enforcement, the scammers used the pop-ups to extort money in the form of iTunes gift cards from the victim, promising to unlock the browser for a sum of money. The scammers abused the handling of pop-ups in Mobile Safari in such a way that a person would be "locked" out from using Safari unless they paid a fee -- or knew they could simply clear Safari's cache (see next section). The attack was contained within the app sandbox of the Safari browser; ** Exploit code was used in this campaign, unlike an advanced attack like Pegasus that breaks out of the app sandbox to install malware on the device.The endless pop-up issue could be fixed by clearing the Safari cache, but many users likely did **t k**w they didn't need to shell out money to regain access to their browsers. Pop-up scams are ** longer possible with iOS 10.3, as Apple has changed the way pop-up dialogs work. Pop-ups are **w per-tab and ** longer take over the entire Safari app. Related Roundup: iOS 10 Discuss this article in our forums أكثر... ??????? ??????: JavaScript-Based Safari Ransomware Exploit *****ed in iOS 10.3 || ??????: ahlam1399 || ??????: اسم منتداك
|
|
|