Apple recently released the iOS 10.3 update, adding several new features and fixing several security issues in the mobile operating system.
One of the exploits that Apple addressed with the iOS 10.3 update involved Safari, which scammers have used to trick victims into thinking that their mobile browser is locked.
Safari Scareware Neutralized By iOS 10.3 Update
The scareware campaign, which was discovered by security firm Lookout, saw scammers abuse how the mobile version of Safari handled JavaScipt pop-up dialogs to make it appear that the browser was broken.
Once a user visits a malicious website where the attack code for the exploit was implanted, Safari would display an endless stream of pop-up dialogs that did not close no matter how many times users tap on the OK button.
The attackers would then demand the victims to make a payment in the form of an iTunes gift card to "unlock" Safari, supported by threatening messages that are meant to scare victims into paying. One such message stated that the website the victim visited was pornographic, and to fix Safari, they would have to text an iTunes gift card code worth about $125 to a certain number.
Scareware vs. Ransomware
Ransomware is the term given to attacks that encrypt some or all of the data stored within a system, with attackers then promising that they would decrypt the files once their victims pay them a certain amount.
The exploit that the iOS 10.3 update fixed, however, is labeled as scareware, primarily because the point of the attack is to scare victims into paying the attackers. The attack does not compromise the device or exposes data to the attackers at all.
In fact, for more tech-savvy iPhone owners who were targeted by the attack, all they had to do to restore Safari to its original state is to clear the cache of the browser through their smartphone's Settings. By doing so, the unending pop-up dialogs would be removed from the browser, allowing it to be used normally again.
Install iOS 10.3 Now
The reported scareware campaign highlights how important it is for mobile device users to keep their operating systems updated, as Apple and Google continuously patch up exploits found in iOS and Android to prevent users from falling victim to such attacks.
The iOS 10.3 update does not only fix the Safari exploit, as hundreds of security issues are patched up in the update. Some of the fixed bugs might be considered obscure, but there are several discovered iOS exploits that allow attackers to arbitrarily execute code with root privileges, which means updating to iOS 10.3 should be done sooner than later.
In addition to the security fixes, the iOS 10.3 update features a new file system for iPhones and iPads, the Find My AirPods tool for owners of the wireless Bluetooth earphones, updates to CarPlay and Siri, and many more.
Starting in iOS 10.3, notifications will also be sent to users if the app that they are launching is 32-bit, warning that future versions of iOS may not support it. This is because Apple will soon only allow 64-bit apps to be installed in iOS devices.