Three Ways to Fix a Safari Browser Hijack in iOS 11


| How-To

Page 2 – How to Fix a Safari Hijack in iOS 11

Dealing with Browser Hijacks in iOS

iOS is well built, and there aren’t any known vectors for actually taking over your iPhone or iPad in Apple’s mobile OS. What these asshats are doing is using JavaScript to effectively block functionality in Safari. The three methods I outline below are easy workarounds, starting with clearing your browser cache.

With this method, we’ll force quit Safari and then clear some or all of your cache to delete the offending webpage.

Step 1: Force Quit Safari. In iOS 11 on iPhone 8/Plus and earlier, as well as iPad, double tap the Home Button to bring up the App Switcher. Swipe up on Safari to Force Quit.

In iOS 11 on iPhone X, swipe up from the bottom of the screen and hold (or, swipe up and to the left in an arc) to bring up the App Switcher. Tap and hold on an app until the red circles with a minus sign appears. Tap the minus sign on Safari to Force Quit the app.

App Switcher in iOS 11 on iPhone X

App Switcher in iOS 11 on iPhone X

Step 2: Go to Settings > Safari > Clear History and Website Data > Clear History and Data, as shown below. This will erase the cache for Safari on this device—AND every other device that syncs Safari through iCloud—erasing the problematic webpage from your device.

You may be given the option of just erasing data from the last hour. This is a great option if you don’t want to lose the rest of your web cache. I used that option when dealing with my encounter, but didn’t have it when taking screenshots for this article.

Clear History and Data in iOS 11

Clear History and Data in iOS 11

This will solve most browser hijacks in iOS 11. When you open up Safari again, the offending page will be gone and you’ll be free to user your device normally.

Two Methods for Dealing with More Pernicious Browser Hijacks

Sometimes, though, the scumbags get a little more clever, and clearing your data alone doesn’t work. Don’t ask me how that’s possible, but I found the two methods below when helping someone with just this problem.

If clearing your history and data doesn’t work, you can try turning off JavaScript. To do so, first Force Quit Safari as described above. This might not be necessary, but it’s better to be thorough and cover all your bases. Then, go to Settings > Safari > Advanced, and tap the JavaScript toggle until its off, as shown below.

Advanced Safari Settings in iOS 11

Relaunch Safari and you should be able to close the offending tab. You may also want to clear your History and Data, as described above. You can then turn JavaScript back on, as many useful and legitimate features on webpages use it.

Using an External Link to Bypass a Browser Hijack

There’s yet one more method for bypassing a hijacked browser window in Safari in iOS 11, and that’s to open a new window by tapping on a link in another app. You can do this any number of ways. For instance, having a friend send you a URL in iMessage. In a pinch, you can send the URL yourself to a friend in iMessage. Once it’s in a chat, you can tap it no matter who sent it.

If you already have a link someone sent you, use that, be it in iMessage, Mail, a Note, or anywhere else. The object here is to send the URL to Safari, which will open it in a new window, despite the browser hijack. Here’s an example:

Tapping a URL in iMessage

Tapping a URL in iMessage

Once you tap it and head back to Safari, it will open the new window. You can then go to the tab browser in Safari and swipe the offending webpage away.

Tab switcher in Safari on iPhone X

Tab switcher in Safari on iPhone X

In the case where I helped a friend, the malicious page would reassert itself on top of the new tab. It was a really well-crafted piece of scummery. She had only a split second to tap the tab switcher, and it took several tries. In the end, however, we won and the scumbags were defeated.

Yay us!

Hopefully these steps will help you beat the bad guys, too.

2 Comments Add a comment

  1. Lee Dronick

    This happens to me at a few website that I regulalry visit. I will report to the webmaster who will investigate and 86 the ad, but a few days later the slimeball is at it again.

    Maybe the answer would be for website to not allow advertisers to use javascript in the ads, just a simple link. It would probably speed up the page load.

  2. boltar

    Sorry but this is just the ad network being weaponized. I will make a few repeat visits to sites where this happens and notify the site, but if it persists more than a couple of visits, that’s it, I’m blacklisting you. In general this is among the reasons “we can’t have nice things”, but that is the world we live in. If ad networks can’t fix this problem quickly, it will be the well-deserved end of them.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account