Apple releases iOS 10.3 patch, fixing ransomware vulnerability

Yesterday, Apple released a patch for iOS 10.3 that fixed a security vulnerability in Safari that allowed ransomware scammers to display an endless loop of pop-up windows.

The victims of this exploit were taken to a fake law enforcement website that accused them of doing something illegal, then demanded they pay a fine for their alleged misdeeds.

The scammers demanded payment in the form of iTunes Gift Cards.

Researchers from Lookout, a mobile app security organisation, kindly pointed out the reasons why many of them decided to pay up. In essence, the users were unable to access any other functions of the browser until the ransom had been paid, which explains why many of them finally caved in.

The scammers also used a psychological type of pressure to scare the victims into paying, and if the affected users tried to navigate away, they were unable to, since they were trapped in a never-ending cycle of popups originating from the same website.

Supposedly, it was possible to fix the issue by clearing the browser’s cache and history, but as of the latest iOS 10.3 patch, this will no longer be needed, since the hack was effectively rendered obsolete. A patch of this sorts is also quite important if you are concerned about data security, because it means that the hackers currently will not have a way to take control over your browser, at least not any that is widely known.

If you are interested in the full Lookout’s report, you can visit their official blog.