An exploit that targets the Safari internet browser has surfaced that can overload a computer’s memory and cause a system crash.  When the exploit activates, a user’s email client will activate and attempt to open hundreds of blank emails until system resources are exhausted.  MAC OS users are advised to use caution when following links or to switch away from Safari as their default browser.

The Safari browser exploit is the most recent version of the popular IT Support scams currently in circulation.  When the exploit causes the email client to generate email popups, they are automatically propagated with the words “Warning! Virus Detected!” in the email subject line.  The emails themselves are not sent anywhere but instead contain a fake “Apple Support” hotline number.  If a user is gullible enough to contact the support line, they will be connected to a fraudster who will solicit payment information before disconnecting.  On older versions of Apple OS, the exploit has been found to take advantage of iTunes as well.  In much the same manner as the email client, the exploit will cause multiple instances of iTunes to open until the system experiences a hard lock.  What makes matters worse is that because of how Macs and the Safari browser are designed, even after a hard reboot, the computer can still be compromised.  The problem stems from functionality within Safari that allows the browser to restore a “saved state” of the most recently viewed webpage.  This means that even if a user escapes the email spam loop, the next time the browser is started, it will begin anew.

While this Safari exploit shares many of the characteristics of malware, it is actually just a bug within the system; nothing malicious is downloaded onto a user’s computer.  The attack much more closely resembles a DDoS, the type of denial-of-service attack that more typically plagues websites and online servers.  By exploiting a loophole or running automated scrips, these types of attacks can bring down even to most well prepared websites and services.

The good news is that this particular exploit has been patched out of the most recent version of the Apple operating system; macOS Sierra 10.12.2.  Users should remember to keep their systems patched to offer the most protection from these types of attacks.

As a final reminder on the subject, while this particular attack is aimed at MACs, it is not unique to MAC OS.  Similar attack sites have existed for years and can compromise PCs in much the same way, either by locking browsers or worse.  If you encounter one of these attacks you should contact your IT department and report the matter immediately.  These attacks are often linked to more serious security concerns and can result in long term damage if left unchecked.