to the public on Monday, patches a bug that allowed bad actors to use a JavaScript pop-up in Safari in an attempt to extort money from iOS users. Security firm Lookout (via Ars Technica) said the scammers would target Safari users who viewed pornography by placing malicious scripts on various pornographic websites that would create an endless pop-up loop that basically locked the browser if an uninformed user didn’t know how to get around the flaw.

The scammers abused the handling of pop-ups in Mobile Safari in such a way that a person would be “locked” out from using Safari unless they paid a fee — or knew they could simply clear Safari’s cache (see next section). The attack was contained within the app sandbox of the Safari browser; no exploit code was used in this campaign, unlike an advanced attack like Pegasus that breaks out of the app sandbox to install malware on the device. The scammers registered domains and launched the attack from the domains they owned, such as police-pay[.]com, which the attackers apparently named with the intent of scaring users looking for certain types of material on the Internet into paying money.

The pop-ups claimed to be from law-enforcement personnel, and claimed the only way to get control of the browser back was to pay a fine in the form of an iTunes gift card code delivered via text message. Users actually could have gotten out of the pop-up loop by manually clearing the Safari browser cache. However, a new or otherwise uninformed user might believe they actually needed to pay the ransom before regaining control of their browser. “The attackers effectively used fear as a factor to get what they wanted before the victim realized that there was little actual risk,” Lookout researchers Andrew Blaich and Jeremy Richards said.

iOS 10.3 changes the way pop-up dialogs work in Safari. Previously, a pop-up dialog took over the entire Safari app. Now, pop-ups are only per tab. iOS users who are hit by the scam before updating to iOS 10.3 can clear their browsing cache by going to “Settings” -> “Safari” and tapping “Clear History and Website Data.”
iOS 10.3, released to the public this morning, fixes a bug that allowed scammers to attempt to extort money from iOS users through a JavaScript pop-up in Safari. As explained by mobile security firm Lookout (via Ars Technica), the scammers targeted iOS users viewing pornographic material and abused JavaScript pop-ups to create an endless pop-up loop that essentially locked the browser if the user didn't know how to bypass it. Using "scareware" messages and posing as law enforcement, the scammers used the pop-ups to extort money in the form of iTunes gift cards from the victim, promising to unlock the browser for a sum of money.

The scammers abused the handling of pop-ups in Mobile Safari in such a way that a person would be "locked" out from using Safari unless they paid a fee or knew they could simply clear Safari's cache (see next section). The attack was contained within the app sandbox of the Safari browser; no exploit code was used in this campaign, unlike an advanced attack like Pegasus that breaks out of the app sandbox to install malware on the device. The scammers registered domains and launched the attack from the domains they owned, such as police-pay[.]com, which the attackers apparently named with the intent of scaring users looking for certain types of material on the Internet into paying money.

The endless pop-up issue could be fixed by clearing the Safari cache, but many users likely did not know they didn't need to shell out money to regain access to their browsers. Pop-up scams are no longer possible with iOS 10.3, as Apple has changed the way pop-up dialogs work. Pop-ups are now per-tab and no longer take over the entire Safari app.