WebKit Zero-Day Vulnerability Exploited in Malvertising Operation (Security News, February 2021)
A malvertising operation observed last year by advertising cybersecurity company Confiant exploited what turned out to be a zero-day vulnerability in the WebKit browser engine.
Confiant researchers discovered the security hole while analyzing a campaign carried out by a threat actor they call ScamClub.
The group has been around for several years, launching malvertising attacks designed to redirect users to a wide range of scam websites promising prizes.
If the event listener picks up a message, it triggers the redirect, which increases the chances of users being sent to the group's scam websites without actually clicking inside the iframe to directly trigger the redirect.
Confiant spotted the campaign exploiting the vulnerability in June 2020 and immediately reported its findings to Apple, whose Safari browser uses WebKit, and Google, whose Chrome browser on iOS also uses WebKit.
The issue was addressed in WebKit in December 2020, and Apple included the patch in the versions of WebKit delivered with updates released for iOS and macOS earlier this month.