iOS 10.3 update closes loophole scammers use to lock up Safari 17

Apple’s update to iOS 10.3 closed a loophole that’s been present in the OS for at least a couple of years that allowed malicious code to lock up the Safari browser and demand payment to restore access.

According to security company Lookout, the vulnerability is being actively exploited on devices not running the latest version of iOS, but before you go reaching for your wallet, there’s no need to actually pay to fix the problem. Instead, just clear all your browsing data and app cache, and the problem should be resolved.

The problem is triggered when visiting a domain with the malicious JavaScript that triggers a pop-up loop, and while you wouldn’t do that deliberately, personal blogs are frequently compromised by scammers as a way to distribute malware.

Part of the scam message that appears on an infected page, according to screenshots sent to Lookout Security.

iOS 10.3 gets around the issue by dealing with each individual tab in Safari separately, so if one is causing you problems, you should be able to close it without affecting the rest of your open pages.

While Android users are more frequently targeted by scammers and malware, the sheer size of the iPhone user base means it remains an attractive target. In this instance, there’s no ‘payload’ beyond the fear instilled in the user – there’s no malicious files being download, luckily.

Previous ArticleNext Article
I founded this site and keep it running. Tech. Sex. The future.STG is a place to look a bit closer at that the place where those things meet. I also run 10SECOND.TECH in my spare time.My regular work is currently found on WIRED, TrustedReviews, The Inquirer, V3, The Next Web and many more sites. I'm available to hire, or for media consultation/training for startups..If you want to get in contact, shoot an email to [email protected]

Leave a Reply