Apple released iOS 10.3 earlier today, and it includes a host of new features. As usual, however, there are a number of under-the-hood changes as well. Ars Technica notes that iOS 10.3 fixes a bug in Safari that allowed scammers to trick users into paying fees.
The report explains that the flaw allowed ransomware scammers to display popup windows in a sort of endless cycle. The user would end up on an attacker website that posed as a law enforcement site informing them that they had to pay a fine for some sort of illegal action. In most cases, Ars Technica says the ransomware targeted users viewing pornography or attempting to illegally download music or other content.
Researchers from Lookout describe how hackers were able to trap users and trick them into paying the ransom fee. Essentially, the hackers would prevent users from accessing any function of Safari until the ransom fee had been paid.
The flaw was first discovered when a user was led to the website pay-police dot com and thereby lost control of Safari. The screenshot above shows how the user ended up on the site and the endless cycle of popups that they experienced.
Users could fix the issue by clearing their browsing history and cache, but with iOS 10.3, the flaw has been fixed entirely and thus users should no longer get trapped in the endless cycle of JavaScript popups.
A detailed explanation of the issue can be read on the Lookout blog.