
Apple bugs let through a billion scam pop-up ads


According to ad security firm Confiant, security flaws in Apple’s WebKit as well as the Blink frameworks that power Chrome and Safari on macOS and iOS have led to over a billion scam pop-up ads being served.

These ads have become a major headache for web publishers. Nowadays, scammers are able to smuggle malicious ads into major networks, including Google.

Web visitors encounter them throughout the web, and mistakenly assume that they are being served by the websites they are visiting. Websites, meanwhile, are only able to block these ads after they have been displayed and reported.

Confiant said that the exploits in question were only blocked in Safari 13.0.1 and iOS 13. The firm added that over the past year, it had written about one of these scammers extensively on its blog.



The scammer, which calls itself eGobbler, has emerged as a very active source of ‘malvertising’, and its ad campaigns often compromise hundreds of millions of ad impressions. Web visitors throughout the US and Europe are regularly affected by its activities.

Since April this year, the threat group has on several occasions exploited little-known browser bugs to bypass built-in browser protections against forced redirections and pop-ups. Confiant first reported one of these exploits on 11th April. It affected Chrome versions before 75 running on Apple’s iOS.

The second one, which impacted WebKit-based browsers, was reported on 7th August and was only fixed on 19th September in Apple’s Safari 13.0.1 and iOS 13. Confiant reported these bugs to both Apple and Chrome.

Chrome released a patch within a few days, but Apple took nearly one and a half months to bring out a fix. All of this is just one more reason to update all your devices regularly, though even that will not provide 100% protection if companies such as Apple don’t respond faster to bug reports.


About the author

Chris
