Whether from clicking on spam or otherwise being caught in a malicious trap, every now and then an oversight when browsing the Web can have you inadvertently load phishing or spam pages that attempt ransomware attacks on you. When this happens, you will see a warning window that claims your browser has been locked and that you will have to pay a fee or give them information to release it.
This issue is a common scam done by way of a JavaScript loophole. In most cases, JavaScript alerts are issued once when a developer needs to inform you of an error or other detail, and when you click “OK” or “Cancel” the alerts go away. However, by simply implementing the alert in a loop, a developer can make the message display repeatedly, locking out all other functions of your browser and making it appear as if they really have locked your browser.
These phishing attempts usually are presented on top of a fake FBI or other government Web site, to help legitimize the scam.
Furthermore, because Apple uses Resume features in OS X that preserve an application’s opened documents and window locations, if you force-quit Safari and then reload it, the page may load again and resume this frustrating behavior.
Safari does have some hidden developer options that can stop the execution of JavaScript on a page, but unfortunately they require you to dismiss all alerts before you can use them, and when alerts are in a loop, they will reappear too fast.
This demo page shows such an alert in a loop that will repeat indefinitely. When this happens, note the page’s address, as this will be useful for clearing the alert.
This leaves you with two approaches for managing these situations:
Force-quit the Safari Web process that is hosting the page
Unlike other browsers in OS X, Safari hosts pages in separate running processes on your Mac. This effectively makes them separate applications that appear as such in OS X’s Activity Monitor utility. To identify the problematic Web page, make a note of its title and URL address, and then do the following in Activity Monitor:
- Choose “All Processes” from the View menu.
- Search for “Safari Web Content” in Activity Monitor’s search field.
- Click on the Process Name column title to sort listings by this field so they won’t jump around in your view.
With this done, if you cannot see the URL of your Web page listed, then hover your mouse over each Safari Web Content process to see a list of the URLs represented by it. Once you have located the URL for the page that is giving you problems, select that Web Content process and use the “X” button in the toolbar to force it to quit. You should now be able to dismiss the JavaScript alert and close the page that is causing it.
In Activity Monitor you can see the Web page’s URL as the name of the corresponding Web Content process. If not, you should be able to hover your mouse over each process to see a tooltip list of the URLs that process represents.
Remove Safari’s saved state
A second approach requires you to force-quit Safari and then clear out its saved windows so they will not reload when you next launch the program. This approach is a little more intrusive on your workflow, but is a good way to prevent any unwanted pages from being loaded when you next open Safari:
- Press Option-Command-Escape and use the force-quit dialogue to close Safari.
- In the Finder, hold the Option key and choose Library from the Go menu.
- Go to the Saved Application State folder in the Library.
- Locate and remove the folder called “com.apple.Safari.savedState”.
Now when you launch Safari, none of your previous windows will appear, and you can manually re-open any pages you had open previously.
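The same saved-state removal can be done from Terminal. The following is an added example, not part of the original article: it moves the folder aside instead of deleting it, so the previous windows can be restored later. The function name, the optional library-directory argument and the backup folder name are assumptions of this example.

```shell
#!/bin/sh
# Added example: command-line form of the "Remove Safari's saved state" steps.
# The saved-state folder is moved aside rather than deleted.

# clear_safari_saved_state [LIBRARY_DIR]
#   LIBRARY_DIR defaults to ~/Library (the argument is an assumption of this
#   example, so the function can be tried against a scratch directory).
# Prints the backup location on success.
# Return codes: 0 = moved, 1 = Safari still running,
#               2 = no saved state found, 3 = move failed
clear_safari_saved_state() {
    library_dir="${1:-$HOME/Library}"
    state_dir="$library_dir/Saved Application State/com.apple.Safari.savedState"

    # As in the steps above, Safari has to be quit before the folder is removed.
    if command -v pgrep >/dev/null 2>&1 && pgrep -x Safari >/dev/null 2>&1; then
        echo "Safari is still running; force-quit it first (Option-Command-Escape)." >&2
        return 1
    fi

    if [ ! -d "$state_dir" ]; then
        echo "No saved state found at: $state_dir" >&2
        return 2
    fi

    # Keep the backup outside "Saved Application State" so it cannot be
    # mistaken for live state; timestamp and PID keep the name unique.
    backup="$library_dir/com.apple.Safari.savedState.removed-$(date +%Y%m%d%H%M%S).$$"
    mv "$state_dir" "$backup" || return 3
    printf '%s\n' "$backup"
}
```

Source the file in Terminal and run `clear_safari_saved_state`. To restore the old windows, quit Safari and move the printed backup folder back to its original name and location.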