JavaScript-Based Safari Ransomware Exploit Patched in iOS 10.3

by

iOS 10.3, released to the public this morning, fixes a bug that allowed scammers to attempt to extort money from iOS users through a JavaScript pop-up in Safari.

As explained by mobile security firm Lookout (via Ars Technica), the scammers targeted iOS users viewing pornographic material and abused JavaScript pop-ups to create an endless pop-up loop that essentially locked the browser if the user didn't know how to bypass it.

ransomwarescam
Using "scareware" messages and posing as law enforcement, the scammers used the pop-ups to extort money in the form of iTunes gift cards from the victim, promising to unlock the browser for a sum of money.

The scammers abused the handling of pop-ups in Mobile Safari in such a way that a person would be "locked" out from using Safari unless they paid a fee -- or knew they could simply clear Safari's cache (see next section). The attack was contained within the app sandbox of the Safari browser; no exploit code was used in this campaign, unlike an advanced attack like Pegasus that breaks out of the app sandbox to install malware on the device.

The scammers registered domains and launched the attack from the domains they owned, such as police-pay[.]com, which the attackers apparently named with the intent of scaring users looking for certain types of material on the Internet into paying money.

The endless pop-up issue could be fixed by clearing the Safari cache, but many users likely did not know they didn't need to shell out money to regain access to their browsers.

Pop-up scams are no longer possible with iOS 10.3, as Apple has changed the way pop-up dialogs work. Pop-ups are now per-tab and no longer take over the entire Safari app.

Related Forum: iOS 10

Popular Stories

iOS 26 Feature

iOS 26.1 to iOS 26.4 Will Add These New Features to Your iPhone

Wednesday October 1, 2025 1:26 pm PDT by
iOS 26 was released last month, but the software train never stops, and iOS 26.1 beta testing is already underway. So far, iOS 26.1 makes both Apple Intelligence and Live Translation on compatible AirPods available in additional languages, and it includes some other minor changes across Apple Music, Calendar, Photos, and Safari. More features and changes will follow in future versions,...
Read Full Article
iPhone 17 vs Air and Pros Feature

New iPhones See 'Stronger Than Expected' Demand With One Exception

Thursday October 2, 2025 7:26 am PDT by
Nearly two weeks after the iPhone 17 series launched, analysts at investment banking firm Morgan Stanley said demand for the devices has been "modestly stronger than we originally expected," based on a combination of extended shipping estimates on Apple's online store and information it gathered from Apple's supply chain. There has been strong early demand for the iPhone 17, iPhone 17 Pro,...
Read Full Article236 comments
space black mbp

Here's Every New Apple Product That Leaked Yesterday

Wednesday October 1, 2025 8:27 am PDT by
A handful of upcoming Apple products leaked yesterday, through a combination of YouTube videos out of Russia and U.S. Federal Communications Commission (FCC) documents that were released, despite Apple's confidentiality requests. The leaked products include an iPad Pro with an M5 chip, as well as updated MacBook Pro and Apple Vision Pro models. All of these devices had already been rumored...
Read Full Article38 comments
apple wallet drivers license feature iPhone 15 pro teal 1

Apple's iPhone Driver's License Feature Now Available in 11 U.S. States

Tuesday September 30, 2025 6:40 am PDT by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Apple recently revealed that the feature would soon be available in North Dakota, and starting today, the feature has officially gone...
Read Full Article54 comments
Tim Cook Rainbow

Apple Event in October? Here's What to Expect

Monday September 29, 2025 9:31 am PDT by
Apple's annual iPhone event is in the rearview mirror, but rumors suggest the company plans to release a handful of additional products before the year ends. Will there be another Apple event this October? We discuss the possibility below. Apple in October Apple's most recent October events were in 2021 and 2023. In 2022 and 2024, Apple did not host an October event. Instead, it...
Read Full Article63 comments
fcc vision pro leak

FCC Accidentally Leaks Apple's Next Vision Pro

Tuesday September 30, 2025 3:48 pm PDT by
The United States Federal Communications Commission (FCC) has seemingly confirmed Apple's work on an updated version of the Vision Pro headset. One of several documents the FCC shared today references an Apple-designed "Head Mounted Device" with a model number of A3416. An included image confirms the device is a Vision Pro. The FCC's uploads are transmission tests, SAR test reports, and...
Read Full Article97 comments
macbook pro prime day 2025

FCC Leaks Upcoming MacBook Pro and More

Tuesday September 30, 2025 1:58 pm PDT by
The United States Federal Communications Commission has confirmed Apple's work on a new version of the MacBook Pro and several other products, leaking details on the devices ahead of launch. The FCC published documents that reference model numbers that do not correspond with existing devices. A3434, for example, references an unreleased MacBook Pro, while other numbers are likely for...
Read Full Article63 comments
Apple 2025 Thumb 1

Apple's 2025 Product Roadmap: What's Still Coming

Wednesday October 1, 2025 3:56 pm PDT by
Apple's two big yearly events, WWDC and the iPhone launch, are done and over with, but there are still some new products that we're expecting to see before the end of the year. Apple TV The Apple TV hasn't been updated since 2022, so it's due for a refresh. It doesn't look like Apple is going to change the design of its set-top box, but we can expect a faster chip Apple code suggests...
Read Full Article90 comments
maxresdefault

New iPad Pro With M5 Chip Leaked in Unboxing Video

Tuesday September 30, 2025 8:39 am PDT by
An apparent unboxing video for an unannounced iPad Pro with the M5 chip was uploaded to YouTube today by Russian channel Wylsacom. The same YouTube account leaked the 14-inch MacBook Pro with the M4 chip before it was announced by Apple last year, so this is likely a legitimate leak. Based on the box shown in the video, this appears to be a 13-inch iPad Pro with an M5 chip, 256GB of...
Read Full Article298 comments
iOS 26 Everything New Feature

26 Hidden iOS 26 Tricks to Change How You Use Your iPhone

Wednesday October 1, 2025 9:16 am PDT by
Apple released iOS 26 in mid-September, bringing a range of new features and changes to iPhones across the globe. But not all of the included improvements have been showcased with Apple's typical fanfare, and many are likely to have been overlooked. Below, we've highlighted 26 lesser known additions and enhancements that could potentially change how you use your iPhone on a daily basis. Got...
Read Full Article40 comments

Top Rated Comments

seanmcbay Avatar
seanmcbay
111 months ago
Great news. These pop-up loops are the worst thing and they don't belong in 2017. Now Apple needs to prevent Safari ads from automatically taking you to the App Store for some crappy IAP fest game.
Score: 48 Votes (Like | Disagree)
man3ster Avatar
man3ster
111 months ago
Finally, I can search for porn again.
Score: 19 Votes (Like | Disagree)
ApfelKuchen Avatar
ApfelKuchen
111 months ago
I think it's all on apple to stop these scams and also refund anyone duped by them, because they've allowed a third party to effectively break the device and allow the scam to work.
"Allowed" how? Did they give the scammers instructions on how to "break" the device?

Good luck suing the makers of door locks or plate glass for "allowing" a burglar to pick the lock or break a window. Good luck suing the police for "allowing" the break-in. Good luck suing the telephone company for "allowing" a scammer to place a call, or the city for "allowing" a scammer to ring your doorbell. Failing to provide 100% safety is not the same as "allowing" a crime to occur.

The creators of these browser scams find weaknesses in the software. The developers of browsers plug the weaknesses. That's the same cat-and-mouse game you find anywhere there's crime.

Browsers are a particularly good target because, among other things, browsers are expected to correctly display web pages, regardless of who created that web page. Open Internet, and all that. You want a guarantee of 100% safety? Don't use the Internet.

I love the diversity around here. Some people complain that Apple's software allowed a scam to occur. Apple (presumably) attends to their needs by issuing software updates to combat the scams. Others are all up in arms, "How dare Apple force these updates upon us!"
Score: 8 Votes (Like | Disagree)
zzLZHzz Avatar
zzLZHzz
111 months ago
And I hope Apple can STOP the automatic update downloads.
Sometimes I run out of storage and Apple still sends the signal to download the iOS update.
as a developers, i hope they will continue with the automatic update.

the moment user have a choice in that, people will never update their OS and it just goes downhill from there.
Score: 7 Votes (Like | Disagree)
DBZmusicboy01 Avatar
DBZmusicboy01
111 months ago
And I hope Apple can STOP the automatic update downloads.
Sometimes I run out of storage and Apple still sends the signal to download the iOS update.
Score: 4 Votes (Like | Disagree)
wikiverse Avatar
wikiverse
111 months ago
There is a switch to stop app updates, but that doesn't include iOS itself? Unfortunate that Apple hasn't provided user control over that yet, but they do provide a way of deleting the downloaded update now.

https://www.igeeksblog.com/how-to-remove-software-update-download-from-iphone-ipad/
Except they force the download on you again as soon as you are connected to a Wifi Network, not only wasting space on your phone but wasting your download quotas on wifi - something extremely annoying and expensive if you live in a rural area, or are using hotel wifi. How about just having an opt-out option, or at least not immediately downloading it again if it is deleted.
Score: 4 Votes (Like | Disagree)
Read All Comments