iOS and macOS have been around for a good long while now and I am still amazed at how many people I encounter who believe that neither can suffer from viruses and malware. While it is true that macOS and iOS have far fewer instances of viruses and malware, they’re certainly not immune to such attacks.
A good example of these operating systems being vulnerable is rearing its ugly head now. Cybercriminals are targeting iOS and macOS users with malicious ads by exploiting zero-day vulnerabilities. These vulnerabilities have been patched, so long as you have automatic updates turned on, but that doesn’t mean new vulnerabilities won’t be discovered and exploited.
As reported by TechRadar Pro, the vulnerabilities were used to inject exploit code that redirected users to malicious websites.
The threat actor eGobbler exploited a zero-day vulnerability in Webkit, the browser engine used in Safari and Blink, the Webkit fork used in Chrome, to generate successful redirects.
The company that discovered the iOS and macOS vulnerabilities, Confiant, had this to say about the situation:
“The nature of the bug is that a cross-origin nested iframe is able to “autofocus” which bypasses the “allow-top-navigation-by-user-activation” sandbox directive on the parent frame. With the inner frame automatically focused, the keydown event becomes a user-activated navigation event, which renders the ad sandboxing entirely useless as a measure for forced redirect mitigation.”Eliya Stein – Confiant
The company notified both Google and Apple of the situation and patches are being rolled out to fix it. This is still a good reminder to Apple users that your operating systems are not immune to exploitation. Taking security precautions and having common sense internet and web habits will go a long way to protect yourself.
Last Updated on February 3, 2021.