Apple bugs let through a billion scam pop-up ads

According to ad security firm Confiant, security flaws in Apple’s WebKit and in Blink, the frameworks that power Safari and Chrome on macOS and iOS, have led to over a billion scam pop-up ads being served.

These ads have become a major headache for web publishers. Nowadays, scammers are able to smuggle malicious ads into major networks, including Google.

Web visitors encounter them throughout the web, and mistakenly assume that they are being served by the websites they are visiting. Websites, meanwhile, are only able to block these ads after they have been displayed and reported.

Confiant said that the exploits in question were only blocked in Safari 13.0.1 and iOS 13. The firm added that over the past year, it had written about one of these scammers extensively on its blog.

The scammer, which calls itself eGobbler, has emerged as a very active source of ‘malvertising’, and its ad campaigns often compromise hundreds of millions of ad impressions. Web visitors throughout the US and Europe are regularly impacted by its activities.

Since April this year, the threat group has on several occasions exploited little-known browser bugs to bypass built-in browser protections against forced redirections and pop-ups. Confiant first reported one of these exploits on 11th April. This particular one affected Chrome versions before 75 running on Apple’s iOS.

The second one, which impacted WebKit-based browsers, was reported on 7th August and was only fixed on 19th September in Apple’s Safari 13.0.1 and iOS 13. Confiant reported these bugs to both Apple and the Chrome team.

Chrome released a patch within a few days, but Apple took nearly one and a half months to bring out a fix. All of this is just one more reason to update all your devices regularly, though even that will not provide 100% protection if companies such as Apple don’t respond faster to bug reports.

About the author

Chris