A recently patched zero-day exploit in WebKit allowed a criminal group known as ‘eGobbler’ to redirect iOS and macOS users to malicious websites.
WebKit Zero Day
The exploit affected Safari (iOS, macOS) and Chrome (iOS). Over a billion malicious ads that redirected users to malicious websites were served in the past six months. The ads took advantage of a zero-day exploit in WebKit, Safari’s browser engine. The exploit was inside a JavaScript function (the onkeydown event) that ran every time a user pressed a key on their keyboard.
Security researcher Eliya Stein:
If we take a snapshot of eGobbler activity from August 1 to September 23, 2019, then we see a staggering volume of impacted programmatic impressions. By our estimates, we believe up to 1.16 billion impressions have been affected.
Security company Compliant found and reported the vulnerability to Google and Apple on August 7. iOS 13 fixed it for Chrome on iOS, and it was fixed for Safari with iOS 13.0.1. About 1.1% of iOS users were affected, and 139% of macOS users were affected.