Apple, Google and Mozilla’s browsers reportedly have a major security hole that has existed for years. The zero-day hole is related to the IP address 0.0.0.0, which is private to the user’s device. The exploit could allow attackers to send queries through it to hack the system and steal data. According to the report, both Apple and Google are working on patching the hole for Safari and Chrome, respectively. Mozilla, however, has not revealed whether it plans to release a patch for its Firefox browser.
Apple and Google can fix vulnerability 0.0.0.0
According to a report According to Forbes, the 0.0.0.0 exploit could have existed in major browsers for 18 years, but developers were unaware of it. That’s why it’s called a zero-day vulnerability, since developers had zero days to patch it. The exploit was reportedly discovered by researchers from Israeli cybersecurity firm Oligo.
Malicious websites could potentially send malicious requests to access files via the 0.0.0.0 IP address if a user falls for a scam and opens the link. Avi Lumelsky, security researcher at Oligo AI, dubbed it the “0.0.0.0-day” attack and told the publication that the vulnerability could be used by a hacker to breach the device’s security and gain access to private data.
While such attacks can only affect individuals and enterprises hosting their own web servers, the report emphasizes that the number of systems that could be compromised is still very high and this vulnerability should not be taken lightly.
According to the report, Apple told the publication that it will block all attempts from websites to send queries to the IP address in question with the macOS Sequoia public beta. This means the update will ship with Safari 18 and will likely be available for macOS Sonoma and macOS Ventura.
While Google has yet to make an official announcement to fix the vulnerability, it has already released several to inform on Chrome Status highlighting the issue and proposals to fix it. On the other hand, Mozilla has yet to make any announcements about fixing the issue in the Firefox browser.
