What you need to know
- More than a billion popups were able to exploit bugs in Apple's WebKit and Blink, which powers Chrome.
- A bug spotted in August was very similar to one used in April by the same group.
- eGobbler is the group behind the malicious ads.
Reports today from TNW suggests that Malvertiser eGobbler was able to exploit "obscure" bugs in WebKit and Chrome to hit iOS and macOS users with over 1 billion malicious popups in less than two months.
According to TNW:
The attackers targeted iOS and macOS users with zero-day vulnerabilities in Chrome and Safari browsers that bypassed built-in security protections to show potential victims intrusive pop-up ads, and redirect users to malicious sites.
The research revealing this was carried out by Cybersecurity firm Confiant, who has been tracking eGobbler. Confiant raised awareness of an exploit in Chrome back in April of this year. Google fixed this in Chrome 75 on June 4. However, at the beginning of August Confiant claims that another eGobbler payload similar to the first was discovered. They note:
While this payload looks similar to the prior Chrome exploit on the surface, we found it peculiar that eGobbler would still be running outdated exploit code that was fixed months ago, so we recreated our test environment and staged the payload across over two dozen devices and browser versions. This time around however, the iOS Chrome pop-up was not spawning as before, but we were in fact experiencing redirections on WebKit browsers upon the 'onkeydown' event.
This new bug was reported to Chrome and to Apple, the Chrome team submitted a patch to WebKit on August 9, and Apple released a fix on September 19 in iOS 13, and September 24 in Safari 13.0.1 Despite Confiant raising the alarm quickly, they estimate that between August 1 and September 23, 1.16 billion malicious ads were viewed as a result of the flaw.
The news is proof that security is one of the most important reasons as to why you should try to keep all your software as up to date as possible.
Apple's RomaEst store in Italy to close permanently, October 17
Apple's RomaEst store will close October 17, paving the way for Apple's stunning new Apple store on the Via Del Corso.
Fortnite: Save the World no longer playable on Mac from September 23
Epic Games has said support for its tower defence game, Fortnite: Save the World, will end on Mac next week following Epic Games fallout and lawsuit against Apple.
Here's where to find all 120 Stars in Super Mario 64
There are hundreds of Stars hidden around and throughout Princess Peach's castle in Super Mario 64. Here's where you'll find them all.
New iPad (2020)? Pick up a case and protect it from the start!
Looking for the best iPad 2020 case? We've rounded up some of the best cases for Apple's 8th generation iPad here.