Amazon winner pop ups on my iPhone

"The setting to prevent Cross Site scripting should catch the redirect but it doesn't appear to be working correctly."

Exactly! Someone found a vulnerability in the iphone/safari security and has compromised a number websites with these popups that get around the iphone/safari pop up blocker and script security settings.

Although the fact this occurs on so many sites still leads me to suspect that possibly this is iphone malware. Can someone easily get malware on the sites of so many large fortune 500 companies?

All these "answers" aren't answers at all. This has been happening for awhile on all my Apple devices. It happens on major sites like Forbes, pcmag, yahoo finance, nytimes etc. It started happening on Safari but now it happens on every browser. It doesn't happen on any of my computer's even when I force a mobile version of a site to load. This is an Apple problem and clearing your cache and history does absolutely nothing.

I haven’t had the problem since following Lawrence’s and FatZero’s suggestions (I did both). I turned the java scripting back on after a couple of days, but the problem has not returned after 2 weeks.

Turning java script off makes the internet pages look really bad. And as soon as I turned it back on I immediately got the pop up on the first page I was on. I even get these whilenin apps. Facebook, Reddit, twitter. It *****!

Did you try Lawrence’s suggestion? I followed both his and FatZero’s suggestion. I turned the java scripting back on after a couple of days. I have not had the problem since, and it has been 4 weeks.

Purchased the iPhone 8 Plus this afternoon. Just started Safari for the 1st time and opened Yahoo news. This pop-up literally came after the 2nd article I clicked. I’ve only downloaded 3 apps directly from the App Store: Gmail, Pandora, Roku. I haven’t plugged the phone into a computer or downloaded anything from a browser. Is Yahoo news infected because this same issue happened on my Dell laptop-to the point that I deleted both browsers.

“Infection” isn’t quite the right word. Most websites contract with ad placement agencies and really have no control or knowledge over what ad content is served on their sites. Even the agencies frequently don’t know. So it is very easy for an underhanded advertiser to place invasive ads on a site. Many otherwise respectable sites have delivered malware at times - wsj.com, nytimes.com, Forbes.com (several times for Forbes). It would not surprise me that yahoo has also, considering that they are now owned by Verizon, and Verizon has a poor track record, even infecting routers at one timE and inserting ads into cell data streams.

This has made its way into many sites.

It’s also clear that iPhones and possibly all iOS devivces are uniquely vulnerable to this as I never these pop up hijacks on my computer.

Apple needs to close up this vulnerability so that they’re pop up blocker works on it - or at least prevent the hijacking part of it where you can back or close it without closed the browser

The way I fixed it on my phone is I went to Safari and I deleted all book marks first. Then delete all favorites. Remove anything from your reading list and delete your history in Safari first, after doing that then go to settings/safari and clear all history and web site data.

I have done this 5 times (cleared out bookmarks etc) and even reset my phone to stock then reinstalled iOS and it still happens. It's obviously and Apple issue because my family has Android phones and we tried to replicate it doesn't happen.

What has worked for me is FatZero’s advice—disable java scripting for a short period of time. I did not get the pop up again for approximately four weeks After doing this. When I did get it again, I immediately disabled Java scriptIng, left it disabled for just a couple of hours and then enabled it again. That was about two weeks ago. I have not had another pop up. I agree with another poster that it more likely that the websites are infected and that there is nothing Apple can do, but it would be nice if Apple would weigh in on the issue.

It’s not java.

it’s javascript.

they are not the same thing.

The issue is related to JavaScript and bad actors in the advertising business.

The website does not screen or create the ads themselves, they just run them or have them supplied by a service.

The only way to stop this is report the issue and stop visiting the sites supplying the ads.

I use to get the pop up all the time, I did what I first recommended over a week and a half ago and I still have not received one pop up. I forgot to mention I deleted my reading list also in this process.

So go to safari and delete bookmarks, delete reading list and delete history and after that go to settings/safari and delete history and website data.

I did the same thing numerous times but it didn't work. A fresh install of iOS didn't work.

What finally worked was deleting my safari data and then turning off iCloud sync for safari (it will ask you to keep data or delete). Once I deleted that from iCloud everything is back to normal.

No that’s incorrect. While this is malware it clearly exploits a vulnerability associated with safari and iPhone as it does not happen in any other devices or computers. Apple needs to investigate how the safari vulnerability is being exploited.