Oct 20, 2020 | Updated: 09:48 PM EDT

New iOS 10.3 Update Fixes Safari Security Vulnerability To Block Hackers

Mar 31, 2017 03:21 PM EDT


New updates reveal that the recently rolled out iOS 10.3 update tightens security to block hackers. It is reported that scammers have been exploiting a loophole in Apple's Mobile Safari browser in an effort to extort money from uninformed users.

The new iOS 10.3 updates fix Safari security flaw that previously allowed attackers to freely prevent affected users from using their browser through an endless stream of pop-up windows and then demand cash in the form of an iTunes gift card code, according to BGR.

The targets of these hackers are specifically users who viewed porn or other controversial content, but the developer has now fixed the vulnerability on Monday with the release of iOS version 10.3. According to Arstechnica, the loophole includes among other things, how Safari displayed JavaScript pop-up windows.

But recent reports notes that researchers from the mobile security provider, Lookout explained how exploit codes that are planted on multiple websites lead to an endless loop of windows to be displayed in a way that prevents the browser from being used.

However, the hackers' websites are displayed as law-enforcement actions and when they are contacted by users, the scammers claim that the use of the browser can only be regained when users pay a fine in the form of an iTunes gift card code to be delivered by text message. On the contrary, users can easily recover from the pop-up loop by going into the device settings and clearing the browser cache.

The trick was mostly used on uninformed persons who were too uncomfortable to ask for outside help. Lookout researchers, Andrew Blaich and Jeremy Richards stated that the attackers utilized fear as a means to get what they wanted before the victim realized that there was actually just a little risk.

The researchers added that first discovered about the attacks when a user of iOS version 10.2, reported that he lost control of Safari after visiting the website called pay-police.com. He provided screenshots of what was displayed, which was mainly to instill fear. The notification stated that the user's device was being blocked for illegal pornography.

According to the researchers, the JavaScript utilized by the scammers appears to be used to exploit the same Safari loophole in iOS version 8 that was released in 2014. They said the attackers acquired several domains in order to access users that mostly search for controversial content on the internet and then make them pay ransom for the contents. However, affected iOS users can simply clear their browsing cache by going to device settings - Safari - Clear History and Website Data.

Real Time Analytics