More than a billion scam popup ads were served thanks to bugs in Apple’s WebKit framework, which powers Safari on iOS and macOS, and in Chrome for iOS…
Scam popup ads are one of the biggest headaches for web publishers. Scammers manage to get malicious ads into mainstream ad networks like Google’s, which means the ads then pop up all over the web, but web visitors naturally suspect the website itself is at fault.
Websites can block the offending ads, but only after they have already been served and reported.
Ad security company Confiant notes that the WebKit exploit has been fixed in iOS 13 and Safari 13.0.1, and the Chrome for iOS exploit in Chrome 75. From its post:
We have written about the threat actor eGobbler extensively on our blog over the last year as they’ve continued to emerge as a prolific source of malvertising. It’s not uncommon for their campaigns to compromise up to hundreds of millions of programmatic ad impressions in a matter of hours and the impact from their ongoing activity is felt across the United States and Europe.
Over the past 6 months, the threat group has leveraged obscure browser bugs in order to engineer bypasses for built-in browser mitigations against pop-ups and forced redirections.
This blog post will provide overviews and proof of concepts for both browser exploits. The first exploit, which we reported on April 11, 2019, impacts Chrome versions prior to 75 on iOS. The second, which we reported on Aug. 7 and which was fixed in iOS 13 / Safari 13.0.1 on Sept. 19, impacts WebKit-based browsers.
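The "built-in browser mitigations against pop-ups and forced redirections" Confiant refers to include the iframe sandbox attribute, which a publisher sets on the container that holds a third-party creative. The following is an added example, not code from Confiant or 9to5Mac, showing how a publisher can audit a sandbox value for the two abuse paths these campaigns rely on (opening pop-ups and navigating the top-level page) and how to emit a hardened ad frame. The token names are the standard HTML sandbox tokens; the helper names, the sample sandbox values and the hardened token set are this example's own choices. It runs under Node without a DOM.

```javascript
// Added example (not Confiant's or 9to5Mac's code). Audits iframe sandbox
// values for the behaviours malvertising abuses and renders a hardened ad
// frame. Token names are the standard HTML sandbox tokens; the helper names
// and HARDENED_SANDBOX are assumptions made for this example.

// Sandbox tokens that re-enable pop-ups from inside the frame.
const POPUP_TOKENS = new Set(["allow-popups", "allow-popups-to-escape-sandbox"]);

// Sandbox tokens that re-enable navigating the top-level page (forced redirects).
const TOP_NAV_TOKENS = new Set([
  "allow-top-navigation",
  "allow-top-navigation-by-user-activation",
]);

// Parse a sandbox attribute value. An empty string means "fully sandboxed";
// null/undefined means the attribute is absent, i.e. no sandbox at all.
function parseSandbox(attr) {
  if (attr === null || attr === undefined) return null;
  return new Set(attr.trim().toLowerCase().split(/\s+/).filter(Boolean));
}

// Report which abuse paths a given sandbox value leaves open.
function assessAdFrame(attr) {
  const tokens = parseSandbox(attr);
  if (tokens === null) {
    // No sandbox attribute: the creative can do anything a normal frame can.
    return { popups: true, topNavigation: true, sameOriginEscape: true };
  }
  const popups = [...tokens].some((t) => POPUP_TOKENS.has(t));
  const topNavigation = [...tokens].some((t) => TOP_NAV_TOKENS.has(t));
  // allow-same-origin together with allow-scripts lets a creative served from
  // the publisher's own origin reach into the parent and strip its own sandbox.
  const sameOriginEscape =
    tokens.has("allow-same-origin") && tokens.has("allow-scripts");
  return { popups, topNavigation, sameOriginEscape };
}

// Hardened value chosen for this example: scripts and forms may run, but no
// pop-ups, no top-level navigation and no same-origin access.
const HARDENED_SANDBOX = "allow-scripts allow-forms";

function isHardened(attr) {
  const r = assessAdFrame(attr);
  return !r.popups && !r.topNavigation && !r.sameOriginEscape;
}

// Minimal attribute-value escaping so an untrusted creative URL cannot break
// out of the src attribute.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Render the iframe markup a publisher would emit for an ad slot.
function renderAdFrame(src) {
  return (
    `<iframe src="${escapeAttr(src)}" sandbox="${HARDENED_SANDBOX}" ` +
    `referrerpolicy="no-referrer"></iframe>`
  );
}

// Constructed sample values, as a publisher might find them across ad slots.
const SAMPLE_SLOTS = {
  legacy: null,                                        // no sandbox at all
  permissive: "allow-scripts allow-popups allow-top-navigation",
  looksSafe: "allow-scripts allow-same-origin",        // same-origin escape
  hardened: HARDENED_SANDBOX,
};

for (const [name, value] of Object.entries(SAMPLE_SLOTS)) {
  console.log(name, assessAdFrame(value), isHardened(value) ? "OK" : "FIX");
}
console.log(renderAdFrame("https://ads.example/creative?id=1&x=\"y\""));
```

The caveat that matters here is the one the article is about: a sandbox value is only as strong as the browser's enforcement of it, and the eGobbler campaigns worked precisely by finding bugs in that enforcement. Hardening the container narrows what an ad can do on a patched browser; it is not a substitute for shipping the iOS 13 / Safari 13.0.1 and Chrome 75 fixes.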
The firm discovered the Chrome for iOS bug first (reported April 11) and the WebKit bug later. It reported the WebKit bug to both the Apple and Chrome security teams in early August (Aug. 7, per Confiant’s post). Chrome shipped a patch a few days later, while Apple’s fix arrived in iOS 13 and Safari 13.0.1 on Sept. 19.
This is another good reason to keep your devices updated, but of course, as fast as one security loophole is closed, the bad guys find a new one, making it a constant battle.
9to5Mac is among the many websites hit by these scam popup ads, served via Google ads. We block them as fast as they are reported, as does Google, but it’s an ongoing game of whack-a-mole.
Via TNW