JavaScript-Based Safari Ransomware Exploit Patched in iOS 10.3

by

iOS 10.3, released to the public this morning, fixes a bug that allowed scammers to attempt to extort money from iOS users through a JavaScript pop-up in Safari.

As explained by mobile security firm Lookout (via Ars Technica), the scammers targeted iOS users viewing pornographic material and abused JavaScript pop-ups to create an endless pop-up loop that essentially locked the browser if the user didn't know how to bypass it.

ransomwarescam
Using "scareware" messages and posing as law enforcement, the scammers used the pop-ups to extort money in the form of iTunes gift cards from the victim, promising to unlock the browser for a sum of money.

The scammers abused the handling of pop-ups in Mobile Safari in such a way that a person would be "locked" out from using Safari unless they paid a fee -- or knew they could simply clear Safari's cache (see next section). The attack was contained within the app sandbox of the Safari browser; no exploit code was used in this campaign, unlike an advanced attack like Pegasus that breaks out of the app sandbox to install malware on the device.

The scammers registered domains and launched the attack from the domains they owned, such as police-pay[.]com, which the attackers apparently named with the intent of scaring users looking for certain types of material on the Internet into paying money.

The endless pop-up issue could be fixed by clearing the Safari cache, but many users likely did not know they didn't need to shell out money to regain access to their browsers.

Pop-up scams are no longer possible with iOS 10.3, as Apple has changed the way pop-up dialogs work. Pop-ups are now per-tab and no longer take over the entire Safari app.

Related Forum: iOS 10

Popular Stories

iOS 18

Apple Expected to Release iOS 18.3 Next Week With These New Features

Thursday January 23, 2025 6:41 am PST by
iOS 18.3 should be released to the public next week, following beta testing since mid-December. While the software update is a relatively minor one, it still includes a handful of new features, changes, and bug fixes for iPhones. Below, we recap everything new in iOS 18.3. Notification Summary Changes Examples of inaccurate Apple Intelligence notification summaries Apple Intelligence...
Read Full Article29 comments
iOS 18

5 New Things Your iPhone Can Do in iOS 18.3

Friday January 24, 2025 1:55 am PST by
Apple is set to release iOS 18.3 next week, bringing further refinements to Apple Intelligence features, a couple of neat new capabilities to iPhone 15 Pro and iPhone 16 devices, and bug fixes. While not quite as packed with new features as Apple's preceding iOS 18 point releases, iOS 18.3 still introduces capabilities that aim to make your iPhone smarter and more intuitive. Below, we've...
Read Full Article26 comments
Generic iOS 18

iOS 18.4 Beta Coming Soon With These New Features for Your iPhone

Friday January 24, 2025 8:16 am PST by
iOS 18.3 is expected to be widely released next week, and that means the first iOS 18.4 beta for iPhones should be just around the corner. Apple has previously implied that iOS 18.4 will be released in April, as that is when it promised to make Apple Intelligence available in even more languages. Below, we outline what to expect from iOS 18.4 so far. Apple Intelligence for Siri Siri ...
Read Full Article37 comments
Apple Pay Walmart Feature

Walmart Stands Firm on Why It Doesn't Accept Apple Pay in the U.S.

Thursday January 23, 2025 7:32 am PST by
Walmart still does not accept Apple Pay or other NFC payments at its more than 4,600 stores across the U.S., and it stood firm on its reasoning for that today. A spokesperson for Walmart today informed MacRumors that its position on contactless payments has not changed since we last reached out about the matter in 2022. The big-box retailer said it remains focused on its own convenient...
Read Full Article362 comments
apple tv 4k new orange

New Apple TV Launching This Year With These New Features

Wednesday January 22, 2025 6:01 pm PST by
A new Apple TV is expected to be released later this year. In this article, we recap rumored features and changes for the device. The next Apple TV will be equipped with Apple's own combined Wi-Fi and Bluetooth chip, according to Bloomberg's Mark Gurman. He said the chip supports Wi-Fi 6E, which would be an upgrade over the current Apple TV's standard Wi-Fi 6 support. Wi-Fi 6E extends the...
Read Full Article
iOS 18

Here Are Apple's Full Release Notes for iOS 18.3

Tuesday January 21, 2025 4:31 pm PST by
Apple provided developers and public beta testers with the release candidate version of iOS 18.3 today, and with it comes release notes confirming what's new. While we knew about several of the features that are in the update, there are some lesser known tweaks and bug fixes. The update adds new Visual Intelligence features for iPhone 16 models, it tweaks Notification summaries on all...
Read Full Article52 comments
iPhone 17 Pro Dual Tone Horizontal Single Feature

Kuo: iPhone 17 Models Won't Have Smaller Dynamic Island

Friday January 24, 2025 9:09 am PST by
The upcoming iPhone 17 models that Apple plans to release this year will not feature a smaller Dynamic Island, Apple analyst Ming-Chi Kuo said today. On social media, he said that he is expecting the size of the Dynamic Island to remain "largely unchanged" across the iPhone 17 lineup. His statement is contrary to prior rumors that we've heard about planned changes for the iPhone 17 models. ...
Read Full Article77 comments
iPhone 16 Apple Store Levels

Gurman: Apple Stores Receiving 'Merchandise' Updates Next Week

Saturday January 25, 2025 5:07 pm PST by
Apple's retail stores will be rolling out "merchandise/floor marketing updates" next week, according to Bloomberg's Mark Gurman. Gurman did not explicitly say if the store updates are related to any upcoming product announcements, but he did mention that next week is around the time that Apple rolls out its annual Black Unity watch band for the Apple Watch. In each of the past four years, ...
Read Full Article32 comments
apple power beats pro 2

Apple's First Product Announcement of 2025 is Imminent

Thursday January 23, 2025 2:48 pm PST by
It's also time for Apple's first product announcement of the year. Last year, Apple said it would be launching Powerbeats Pro 2 in 2025, and the wireless earbuds are expected to launch very soon. Powerbeats Pro 2 images found in iOS 18 code In his Power On newsletter last weekend, Bloomberg's Mark Gurman said the Powerbeats Pro 2 are "due imminently." In addition to Apple filing the...
Read Full Article

Top Rated Comments

seanmcbay Avatar
seanmcbay
102 months ago
Great news. These pop-up loops are the worst thing and they don't belong in 2017. Now Apple needs to prevent Safari ads from automatically taking you to the App Store for some crappy IAP fest game.
Score: 48 Votes (Like | Disagree)
man3ster Avatar
man3ster
102 months ago
Finally, I can search for porn again.
Score: 19 Votes (Like | Disagree)
ApfelKuchen Avatar
ApfelKuchen
102 months ago
I think it's all on apple to stop these scams and also refund anyone duped by them, because they've allowed a third party to effectively break the device and allow the scam to work.
"Allowed" how? Did they give the scammers instructions on how to "break" the device?

Good luck suing the makers of door locks or plate glass for "allowing" a burglar to pick the lock or break a window. Good luck suing the police for "allowing" the break-in. Good luck suing the telephone company for "allowing" a scammer to place a call, or the city for "allowing" a scammer to ring your doorbell. Failing to provide 100% safety is not the same as "allowing" a crime to occur.

The creators of these browser scams find weaknesses in the software. The developers of browsers plug the weaknesses. That's the same cat-and-mouse game you find anywhere there's crime.

Browsers are a particularly good target because, among other things, browsers are expected to correctly display web pages, regardless of who created that web page. Open Internet, and all that. You want a guarantee of 100% safety? Don't use the Internet.

I love the diversity around here. Some people complain that Apple's software allowed a scam to occur. Apple (presumably) attends to their needs by issuing software updates to combat the scams. Others are all up in arms, "How dare Apple force these updates upon us!"
Score: 8 Votes (Like | Disagree)
zzLZHzz Avatar
zzLZHzz
102 months ago
And I hope Apple can STOP the automatic update downloads.
Sometimes I run out of storage and Apple still sends the signal to download the iOS update.
as a developers, i hope they will continue with the automatic update.

the moment user have a choice in that, people will never update their OS and it just goes downhill from there.
Score: 7 Votes (Like | Disagree)
DBZmusicboy01 Avatar
DBZmusicboy01
102 months ago
And I hope Apple can STOP the automatic update downloads.
Sometimes I run out of storage and Apple still sends the signal to download the iOS update.
Score: 4 Votes (Like | Disagree)
wikiverse Avatar
wikiverse
102 months ago
There is a switch to stop app updates, but that doesn't include iOS itself? Unfortunate that Apple hasn't provided user control over that yet, but they do provide a way of deleting the downloaded update now.

https://www.igeeksblog.com/how-to-remove-software-update-download-from-iphone-ipad/
Except they force the download on you again as soon as you are connected to a Wifi Network, not only wasting space on your phone but wasting your download quotas on wifi - something extremely annoying and expensive if you live in a rural area, or are using hotel wifi. How about just having an opt-out option, or at least not immediately downloading it again if it is deleted.
Score: 4 Votes (Like | Disagree)
Read All Comments