Source: https://www.linkedin.com/feed/update/urn%3Ali%3Ashare%3A6584801179929231361
#JavaScript Up and Down Key #Function #Vulnerability Results in #Hijacking of #Key #Presses on #iOS, #macOS, and #Chrome #Browsers: The eGobbler threat actors recently discovered and started exploiting a new vulnerability in WebKit, the browser engine used by Apple's Safari browser on both iOS and macOS, by Chrome for iOS, and by earlier versions of Chrome for desktop. The new WebKit exploit is more interesting because it doesn’t require users to click anywhere on the legitimate news, blog or informational websites they visit, nor does it spawn any pop-up ad.
Instead, the display ads sponsored by eGobbler leverage the WebKit exploit to forcefully redirect visitors to websites hosting fraudulent schemes or malware as soon as they press the key down or page down button on their keyboards while reading the content on the website. This is because the WebKit vulnerability resides in a JavaScript function, called the onkeydown event, that fires each time a user presses a key on the keyboard; the flaw allows ads displayed within iframes to break out of security sandbox protections.