Major Browsers Face Long-Standing Security Flaw Linked to 0.0.0.0 IP Address
- Aug 08, 2024
Recent reports have indicated a significant security weakness in the browsers developed by Apple, Google, and Mozilla, a flaw that has reportedly persisted for several years. This zero-day vulnerability involves the IP address 0.0.0.0, which remains private to users' devices. The exploit provides malicious actors an avenue to transmit queries that could compromise system security and lead to data theft. Both Apple and Google are taking steps to address this issue in their respective Safari and Chrome browsers, while Mozilla has yet to announce any plans regarding its Firefox browser.
A Forbes report suggests that the exploit associated with the 0.0.0.0 IP address could have been present in major browsers for nearly 18 years, unbeknownst to developers. This lack of awareness is the reason for the designation as a zero-day vulnerability, as developers had no prior notice to remediate the defect. Researchers from the Israeli cybersecurity firm Oligo are credited with uncovering the flaw.
If a user inadvertently engages with a malicious website, that site might utilize the 0.0.0.0 IP address to send harmful requests aimed at accessing sensitive files. Oligo AI's security researcher Avi Lumelsky referred to this threat as the "0.0.0.0-day" attack, indicating that potential attackers could exploit this vulnerability to penetrate device security and retrieve confidential information.
The potential for such attacks primarily affects those individuals and businesses that run their own web servers. Nonetheless, the report underscores the substantial number of systems that could be compromised, signaling that the security risk in question is serious and demands attention.
According to the same report, Apple has informed the publication of its intent to block all queries directed at the vulnerable IP address with the forthcoming public beta version of macOS Sequoia. This update will coincide with Safari 18 and is expected to be made available for macOS Sonoma and macOS Ventura.
While Google has yet to officially announce its strategy for addressing the security flaw, it has shared several updates on Chrome Status that recognize the issue and outline possible solutions. In contrast, Mozilla has not yet provided any updates regarding the vulnerability in its Firefox browser.