The nature of the bug is that a cross-origin nested iframe is able to “autofocus” itself, which bypasses the “allow-top-navigation-by-user-activation” sandbox directive on the parent frame. With the inner frame automatically focused, a keydown event counts as user activation, so the frame is permitted to navigate the top-level page; this renders the ad sandboxing entirely useless as a measure for forced-redirect mitigation.
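As an added illustration (not code from the original post, Confiant or Apple), the following helper is the kind of audit a publisher could run over its own page to see which ad slots depend purely on the user-activation gate described above, which is the gate the autofocus bug defeated on unpatched WebKit. Frame descriptors, the page origin and the ad-network hostnames are constructed sample values; on a live page they would be built from `document.querySelectorAll('iframe')`.

```javascript
// Classify what an iframe's sandbox attribute allows for top-level navigation.
// `sandbox` is the raw attribute value, or null when the attribute is absent
// (no sandbox at all, so the browser's default rules apply).
function topNavigationPolicy(sandbox) {
  if (sandbox === null) return 'unsandboxed';
  const tokens = new Set(sandbox.trim().toLowerCase().split(/\s+/).filter(Boolean));
  if (tokens.has('allow-top-navigation')) return 'always';
  if (tokens.has('allow-top-navigation-by-user-activation')) return 'user-activation';
  return 'blocked'; // sandboxed with no top-navigation token
}

function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Rate one frame: only cross-origin frames are of interest, and a frame that
// relies on 'user-activation' is safe only on a WebKit with the fix applied
// (iOS 13 / Safari 13.0.1, per the advisory above).
function auditFrame(frame, pageOrigin) {
  const crossOrigin = originOf(frame.src) !== pageOrigin;
  const policy = topNavigationPolicy(frame.sandbox);
  let risk;
  if (!crossOrigin) risk = 'same-origin content, out of scope';
  else if (policy === 'blocked') risk = 'low: top navigation blocked by sandbox';
  else if (policy === 'user-activation') risk = 'gated: relies on user-activation check (bypassed on unpatched WebKit)';
  else risk = 'high: no sandbox restriction on top navigation';
  return { id: frame.id, crossOrigin, policy, risk };
}

function auditPage(frames, pageOrigin) {
  return frames.map((f) => auditFrame(f, pageOrigin));
}

// Constructed sample: three ad slots plus a first-party widget on a fictional publisher page.
const PAGE_ORIGIN = 'https://publisher.example.test';
const SAMPLE_FRAMES = [
  { id: 'ad-1', src: 'https://ads.example-network.test/creative1.html',
    sandbox: 'allow-scripts allow-same-origin allow-top-navigation-by-user-activation' },
  { id: 'ad-2', src: 'https://ads.example-network.test/creative2.html', sandbox: 'allow-scripts' },
  { id: 'ad-3', src: 'https://ads.example-network.test/creative3.html', sandbox: null },
  { id: 'widget', src: 'https://publisher.example.test/widget.html', sandbox: null },
];

for (const row of auditPage(SAMPLE_FRAMES, PAGE_ORIGIN)) console.log(row);
```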
The security firm reported this issue to Apple on August 7. Within two days, Apple responded and said it was investigating the issue; that was also the day WebKit received a patch for the bug. Approximately a month later, Apple closed the security gap in both iOS 13 and Safari 13.0.1.
eGobbler still had a busy month, however. From August 1 to September 23, the malvertiser affected 1.16 billion impressions. Those attacks targeted primarily Windows users surfing the web via Chrome in 13 different countries.
The scale of eGobbler's campaigns, not to mention the speed with which it has adopted new exploits, illustrates the importance of organizations taking security vulnerabilities seriously. One of the best ways to do this is to strengthen their vulnerability management capabilities. Learn how Tripwire IP360 can improve organizations' efficiency and focus when dealing with security weaknesses.