ArsTechnica • 1 minute read
Webkit zero-day exploit besieges Mac & iOS with malvertising redirects
Attackers have bombarded the Internet with more than 1 billion malicious ads in less than two months. The attackers targeted iOS and macOS users with what were zero-day vulnerabilities in Chrome and Safari browsers that were recently patched, researchers said on Monday.
More than 1 billion malicious ads served in the past six weeks contained exploit code that redirected vulnerable users to malicious sites, according to a post published by security firm Confiant. The surge of malicious ads exploited a Safari vulnerability in both iOS and macOS, as well as a Chrome vulnerability in iOS.
"If we take a snapshot of eGobbler activity from August 1 to September 23, 2019, then we see a staggering volume of impacted programmatic impressions," Confiant researcher and engineer Eliya Stein wrote. "By our estimates, we believe up to 1.16 billion impressions have been affected."