7.2.10 Ensure Pop-up Windows Are Blocked

Information

Bowser pop-up windows have long been one of the most annoying delivery mechanisms of unwanted web content. The content can be as unwanted content, including Not Safe For Work, or malicious content relying on a user interacting with the pop-up. Safari has a built-in capability to disable pop-ups that should be enabled.

Rationale:

Pop-up windows are almost always unwanted content and should be blocked.

Impact:

Obsolete web content delivery systems may still rely on pop-ups on internal web portals. Specific domains can be set to be allowed if absolutely necessary. Web Developers should update content to reduce risk in the environment so that no pop-ups are allowed

Solution

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.Safari

The key to include is safariAllowPopups

The key must be set to: <false/>

See Also

https://workbench.cisecurity.org/benchmarks/14563

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|SC-18, CSCv7|7.1

Plugin: Unix

Control ID: eeac37f9e7b504b65af9effdc09f0a21b65392624c3e732121303f1318458a0d