Webkit zero-day exploit besieges Mac and iOS users with malvertising redirects

by
Dan Goodin
from Ars Technica - All content on (#4RHBQ)
GettyImages-843466180-800x526.png

Enlarge / Artist's impression of a malicious hacker coding up a BlueKeep-based exploit. (credit: Getty Images / Bill Hinton)

Attackers have bombarded the Internet with more than 1 billion malicious ads in less than two months. The attackers targeted iOS and macOS users with what were zero-day vulnerabilities in Chrome and Safari browsers that were recently patched, researchers said on Monday.

More than 1 billion malicious ads served in the past six weeks contained exploit code that redirected vulnerable users to malicious sites, according to a post published by security firm Confiant. The surge of malicious ads exploited a Safari vulnerability in both iOS and macOS, as well as a Chrome vulnerability in iOS.

"Staggering volume"

"If we take a snapshot of eGobbler activity from August 1 to September 23, 2019, then we see a staggering volume of impacted programmatic impressions," Confiant researcher and engineer Eliya Stein wrote. "By our estimates, we believe up to 1.16 billion impressions have been affected."

Read 5 remaining paragraphs | Comments

index?i=j3kycrCTyos:k8YJpbTbCxo:V_sGLiPB index?i=j3kycrCTyos:k8YJpbTbCxo:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments