iOS and macOS users were targeted by malicious ads

Apple / Security / Tech

As reported by TechRadar Pro, the vulnerabilities were used to inject exploit code that redirected users to malicious websites.

iOS and macOS have been around for a good long while now and I am still amazed at how many people I encounter who believe that neither can suffer from viruses and malware. While it is true that macOS and iOS have far fewer instances of viruses and malware, they’re certainly not immune to such attacks.

A good example of these operating systems being vulnerable is rearing its ugly head now. Cybercriminals are targeting iOS and macOS users with malicious ads by exploiting zero-day vulnerabilities. These vulnerabilities have been patched, so long as you have automatic updates turned on, but that doesn’t mean new vulnerabilities won’t be discovered and exploited.

As reported by TechRadar Pro, the vulnerabilities were used to inject exploit code that redirected users to malicious websites.

The threat actor eGobbler exploited a zero-day vulnerability in Webkit, the browser engine used in Safari and Blink, the Webkit fork used in Chrome, to generate successful redirects.

The vulnerability, tracked as CVE-2019-8771, existed in a JavaScript function which occurs each time a user presses down a key on their keyboard. By exploiting the vulnerability, eGobbler was able to allow ads linked in HTML tags called iframes to break out of security sandbox protections that prevent a user from being redirected without their knowledge.

macOS and iOS Apple
There are no operating systems that are immune to hacks or do not have vulnerabilities.

The company that discovered the iOS and macOS vulnerabilities, Confiant, had this to say about the situation:

“The nature of the bug is that a cross-origin nested iframe is able to “autofocus” which bypasses the “allow-top-navigation-by-user-activation” sandbox directive on the parent frame. With the inner frame automatically focused, the keydown event becomes a user-activated navigation event, which renders the ad sandboxing entirely useless as a measure for forced redirect mitigation.”

Eliya Stein – Confiant

The company notified both Google and Apple of the situation and patches are being rolled out to fix it. This is still a good reminder to Apple users that your operating systems are not immune to exploitation. Taking security precautions and having common sense internet and web habits will go a long way to protect yourself.

What do you think of this iOS and macOS exploit? Let us know in the comments below or on Twitter, or Facebook. You can also comment on our MeWe page by joining the MeWe social network.

 Source: TechRadar Pro

Last Updated on

Comments
To Top