When it comes to malicious advertising, there are dangerous adverts which threaten your computer’s security or your personal information, and then there are the ads which are as annoying as they are pointless and stupid.
iOS users are getting hit this week from a new wave of adverts from the latter category. Benjamin Mayo of 9to5Mac reports that he has basically been forced to give up on browsing on his iPhone because adverts embedded on sites ranging from Reddit to Buzzfeed to MacStories are currently redirecting his iPad to the iTunes app store.
As you can see in the proof video show below, the adverts are hijacking the web browser and redirecting it to iTunes as soon as the webpage is fully loaded – and before you have time to read any of the content:
The trick you see in the video is similar to tricks that a more malicious advert would use to redirect your PC or Android device to a site where it could be hacked. Only in this case the users is being dumped on the listing pages for certain iOS apps, presumably in the hopes that the victim would install the apps.
I’m not sure why anyone would think that is a good audience recruitment tool, but more importantly I have to wonder why they wasted the exploit.
This is (at a minimum) the second time that someone has found a way to hijack Safari and redirect users to iTunes. Apple fixed what ever loophole was exploited last time, and released that fix as part of iOS 8, but someone has found a new flaw to exploit.
Based on the complaints on twitter, this issue only started showing up in the past week or so, and it’s not affecting all iOS users. It’s also not a serious threat, more of a nuisance, but let’s hope it gets fixed soon.
image by William Hook