Apple Safari and Google Chrome browsers reportedly accept queries to the 0.0.0.0 IP address which can be exploited.
Mozilla Firefox is also said to have the security flaw but the company has not announced any fix so far
Photo Credit: Pexels/Deepanker Verma
Apple, Google, and Mozilla's browsers reportedly have a major security vulnerability which has existed for years. The zero-day vulnerability is related to the IP address 0.0.0.0 that is private to the user's device. The exploit can allow bad actors to send queries through it to breach the system and steal data. As per the report, both Apple and Google are working to fix the loophole for Safari and Chrome browsers respectively. However, Mozilla has not revealed if it plans to issue a fix for its Firefox browser.
According to a report by Forbes, the 0.0.0.0 exploit could have existed in major browsers for as long as 18 years, however, it was not known by the developers. This is why it is being called a zero-day vulnerability since developers had zero days to patch the issue. The exploit is said to have been discovered by researchers at Israel-based cybersecurity firm Oligo.
Malicious websites can potentially send malicious requests to access files via the 0.0.0.0 IP address if a user falls for a scam and opens the link. Dubbing it the “0.0.0.0-day” attack, Oligo AI security researcher Avi Lumelsky told the publication that the vulnerability could be used by a hacker to breach the security of the device and access private data.
While such attacks can only affect individuals and enterprises that host their own web servers, the report highlights that the number of systems that can be compromised is still very high and the security flaw cannot be taken lightly.
As per the report, Apple has told the publication that it will be blocking all attempts from websites to send queries to the IP address in question with the public beta version of macOS Sequoia. This means the update will be shipped with Safari 18, and will likely be made available for macOS Sonoma and macOS Ventura.
While Google has not made a formal announcement to fix the vulnerability, it has made several posts on Chrome Status highlighting the issue and proposals of fixing it. On the other hand, Mozilla is yet to make any announcements on fixing the issue on the Firefox browser.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.