Apple solves a problem in Safari that allowed it to be hijacked — 2022

Yesterday Apple released the update to iOS 10.3 for everyone. With this new version, several problems, exploits Y bugs were fixed, in addition to other small improvements. Among these problems that were solved we have one that allowed a hijacked web page the Navigator Safari using JavaScript code.

How did they hijack the Safari browser?

a few months ago, a kind of malware already known from the past regained strength. We talk about ransomware , which consists of the act of hijack a device . In order to release him, the offender usually asks for an amount of money in exchange.

As well. A practice of ransomware became very popular on iOS, but instead of hijacking the entire device it only affected the browser . This practice consisted of, through a JavaScript code executed from a web page, displaying a notice pretending to be from the police . In said warning it would be said that the browser has been blocked for the consumption of pornography. Attached to this were some instructions for carrying out the payment .



Obviously these types of messages are fake, but… how did the criminals block safari ? they did through popups , a browser popup launched via code JavaScript of a web page. Taking advantage of a small flaw in Safari, these were constantly coming out, thus preventing the use of the browser. Except… that you will clear the cache, but few people know how to do that.

Apple improves in iOS 10.3 security in Safari by restricting the use of popup javascript

Thanks to this little Safari default , the criminals managed to take a generous amount of money. Therefore, Apple has decided to put an end to it in the update which we received yesterday.

In iOS 10.3 this malicious code no longer works. This is because now the popup from Safari are isolated between the different tabs . That is, instead of blocking the entire web browser, now only one tab is blocked, which can be easily closed.

conclusion

As we can see, Apple has already taken action on the matter, thus helping iOS to be a little more secure.

Even so, I consider it appropriate to remember that these types of messages from the police in the browser are totally false . No security body will lock your device like that, let alone ask you for money directly. Therefore, we recommend ignore all these types of warnings , because it is most likely from a criminal, and in case of doubt, before paying anything ask us .

Via MacRumors