Apple recently confirmed that there was a vulnerability that allowed hackers to send infinite loop alert messages on the Safari application. Instead of just affecting the tab that the website was opened in, it affects the entire application, making Safari unusable. Alerts such as “Your device has been locked” were used to scare users into buying iTunes gift cards and paying the ransom. The only problem with this is that it didn’t actually lock iOS or encrypt any files, hence the name scareware. The scammers registered domains and launched the attack from the domains they owned, such as police-pay[.com]. When users click links to those domains, they get an infinite loop of alert messages.
Well, the good thing is that Apple recently patched this vulnerability in iOS 10.3. If you don’t want to update, the other option is to clear Safari’s cache.
Article: http://www.securityweek.com/ios-scareware-campaign-abuses-safari-vulnerability
Jason A Lindsley says
Thanks for sharing! I’m glad I recently upgraded to 10.3. I didn’t realize that it addressed 83 vulnerabilities including this one. Good to know.
Vaibhav Shukla says
Interesting article, it actually reminded me about a somewhat similar vulnerability in Android a few years back. In that case the Android phone went into an infinite loop of rebooting. The attacker lures victims to play a malformed media file (.MKV file) using the buggy ‘mediaserver’ plugin. This will cause the mediaserver function to fall into an endless loop beyond the user’s control, forcing the Android device to slow down until it reboots… again and again.
Mauchel Barthelemy says
Loi, that’s good to know and thanks for sharing. This represents another good reason people should take applying updates seriously. It’s funny that certain people refuse to update their mobile devices’ OS because they are “afraid” certain parts of the user interface no longer look the same.