Ben
Apple’s update to iOS 10.3 closed a loophole that’s been present in the OS for at least a couple of years that allowed malicious code to lock up the Safari browser and demand payment to restore access.
According to security company Lookout, the vulnerability is being actively exploited on devices not running the latest version of iOS, but before you go reaching for your wallet, there’s no need to actually pay to fix the problem. Instead, just clear all your browsing data and app cache, and the problem should be resolved.
The problem is triggered when visiting a domain with the malicious JavaScript that triggers a pop-up loop, and while you wouldn’t do that deliberately, personal blogs are frequently compromised by scammers as a way to distribute malware.
Part of the scam message that appears on an infected page, according to screenshots sent to Lookout Security.
iOS 10.3 gets around the issue by dealing with each individual tab in Safari separately, so if one is causing you problems, you should be able to close it without affecting the rest of your open pages.
While Android users are more frequently targeted by scammers and malware, the sheer size of the iPhone user base means it remains an attractive target. In this instance, there’s no ‘payload’ beyond the fear instilled in the user – there’s no malicious files being download, luckily.
