The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: WebKit

Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users

Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users

October 01, 2019Mohit Kumar
The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites. To be noted, hackers haven't found any way to run ads for free; instead, the modus operandi of eGobbler attackers involves high budgets to display billions of ad impressions on high profile websites through legit ad networks. But rather than relying on visitors' willful interaction with advertisements online, eGobbler uses browser (Chrome and Safari) exploits to achieve maximum click rate and successfully hijack as many users' sessions as possible. In its previous malvertising campaign, eGobbler group was exploiting a then-zero-day vulnerability (CVE-2019-5840) in Chrome for iOS back in April , which allowed them to successfully bypass browser's built-in pop-up blocker on iOS devices and hij
Microsoft Could Kill Internet Explorer; New Spartan Browser Coming Soon

Microsoft Could Kill Internet Explorer; New Spartan Browser Coming Soon

December 30, 2014Swati Khandelwal
Bad News for Internet Explorer fans, if any! Microsoft's almost 20 years old Web browser with a big blue E sign might soon be a thing of the past. With the arrival of Windows 10 , probably by next fall, Microsoft could come up with its brand new browser that's more similar to Mozilla's Firefox and Google's Chrome, but less like Internet Explorer (IE), according to a recent report published by ZDNet. "Ok so Microsoft is about to launch a new browser that's not Internet Explorer and will be the default browser in Windows 10," tweeted Thomas Nigro, a Microsoft Student Partner lead and developer of the modern version of VLC. The browser, codenamed " Spartan ," is a " light-weight " browser with extension support, and multiple sources confirm that this new browser isn't IE12. Instead, Spartan is an entirely new browser that will use Microsoft's Chakra JavaScript engine and Trident rendering engine (as opposed to WebKit
Apple Patches 22 Safari WebKit Vulnerabilities

Apple Patches 22 Safari WebKit Vulnerabilities

May 24, 2014Wang Wei
Apple has just released a pair of software updates for its Safari web browser addressing multiple Webkit vulnerabilities in Mac OS X, providing its users with 21 security patches. The critical bug resides in the Safari 7.0.4 for Mac OS X Mavericks 10.9.3 and Safari 6.1.4 for OS X Lion 10.7.5, OS X Lion Server 10.7.5 and Mountain Lion 10.8.5. According to Apple's security advisory , All of the 21 security flaws address the iOS browser vulnerabilities proliferating through the Safari's open-source Webkit rendering engine. This webkit vulnerability allows a malicious website to execute an arbitrary code on the host computer or unexpected termination of an application in an effort to compromise users' confidential information. " Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution ," Apple warned in the advisory. Security updates tackle a number of flaws including: CVE-2013-2875 CVE-2013-2927 CV
Update Your Safari Browser to Patch Two Dozen of Critical Vulnerabilities

Update Your Safari Browser to Patch Two Dozen of Critical Vulnerabilities

April 03, 2014Swati Khandelwal
So, is your Safari Web Browser Updated?? Make sure you have the latest web browser updated for your Apple Macintosh systems, as Apple released Safari 6.1.3 and Safari 7.0.3 with new security updates. These Security updates addresses multiple vulnerabilities in its Safari web browser, which has always been the standard browser for Mac users. This times not five or ten, in fact about two dozen. Apple issued a security update to patch a total of 27 vulnerabilities in Safari web browser, including the one which was highlighted at Pwn2Own 2014 hacking competition. The available updates replace the browser running OSX 10.7 and 10.8 with the latest versions of browser 6.1.3, and OSX 10.9 with 7.0.3. Among the 27 vulnerabilities, the most remarkable vulnerability addressed in the update is CVE-2014-1303 , a heap-based buffer overflow that can be remotely exploited and could lead to bypass a sandbox protection mechanism via unspecified vector. This vulnerability is
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.