Apple Issues Patch for Porn-browsing Safari Users Hit with Ransomware
Ron Perillo / 8 years ago
Many Apple users are not quite as technically savvy as most other gadget enthusiasts, as their products’ ease of use is actually why many love them. This becomes a problem, however, when malware authors and scammers focus on targeting those on Apple devices, as they can be much more easily exploited. Ransomware scammers have been taking advantage of a flaw in Apple’s Safari web browser to lock the screen with JavaScript pop-ups and extort users. Mobile security provider Lookout describes the attack as being injected in ads from multiple adult video content sites. The pop-up messages claim to be from the police or even Interpol, cite a violation of European cybercrime law, and ask for money or iTunes credits as payment for fines.
Obviously the police do not extract money from the public that way (they do that by issuing parking enforcement tickets instead), nor do they accept iTunes gift cards as payment for fines. But even though the scammers misspell “Metropoliten” Police in the pop-up message, many users who are not very tech savvy, or who are just generally unaware and panicked, have paid the fine. The ransomware pop-ups often use domains such as police-pay.com or similar names to further prop up their scam. The exploit was spread not only through pornographic content websites but through many music-piracy-oriented websites as well.
The exploit came to the attention of Lookout mobile security last month, and the company alerted Apple to its findings. This exploitable flaw has thankfully been patched by Apple as of the iOS 10.3 update, which changes the way Safari handles website pop-up dialogs as part of the major release package. More tech-aware users on iOS 10.2 could still work around the pop-up exploit simply by clearing their history and website data under Settings > Safari > Clear History and Website Data.