Webkit zero-day exploit besieges Mac and iOS users with malvertising redirects

Enlarge / Artist's impression of a malicious hacker coding up a BlueKeep-based exploit. (credit: Getty Images / Bill Hinton)

Attackers have bombarded the Internet with more than 1 billion malicious ads in less than two months. The attackers targeted iOS and macOS users with what were zero-day vulnerabilities in Chrome and Safari browsers that were recently patched, researchers said on Monday.

More than 1 billion malicious ads served in the past six weeks contained exploit code that redirected vulnerable users to malicious sites, according to a post published by security firm Confiant. The surge of malicious ads exploited a Safari vulnerability in both iOS and macOS as well as a Chrome vulnerability in iOS.

“Staggering volume”

"If we take a snapshot of eGobbler activity from August 1 to September 23, 2019, then we see a staggering volume of impacted programmatic impressions," Confiant researcher and engineer Eliya Stein wrote. "By our estimates, we believe up to 1.16 billion impressions have been affected."

Read 5 remaining paragraphs | Comments

via Biz & IT – Ars Technica https://ift.tt/2nc8Dgz