Apple, Google to Reportedly Fix a Major Security Flaw in Safari and Chrome Browsers

Apple Safari and Google Chrome browsers reportedly accept queries to the 0.0.0.0 IP address which can be exploited.

Written by Akash Dutta, Edited by Siddharth Suvarna | Updated: 8 August 2024 17:30 IST

Highlights

Apple is said to be fixing the loophole with macOS Sequoia
Google has also made announcements about ending the vulnerability
The vulnerability was found by Israeli cybersecurity firm Oligo Security

Apple, Google to Reportedly Fix a Major Security Flaw in Safari and Chrome Browsers

Mozilla Firefox is also said to have the security flaw but the company has not announced any fix so far

Photo Credit: Pexels/Deepanker Verma

Apple, Google, and Mozilla's browsers reportedly have a major security vulnerability which has existed for years. The zero-day vulnerability is related to the IP address 0.0.0.0 that is private to the user's device. The exploit can allow bad actors to send queries through it to breach the system and steal data. As per the report, both Apple and Google are working to fix the loophole for Safari and Chrome browsers respectively. However, Mozilla has not revealed if it plans to issue a fix for its Firefox browser.

Apple and Google Might Fix the 0.0.0.0 Vulnerability

According to a report by Forbes, the 0.0.0.0 exploit could have existed in major browsers for as long as 18 years, however, it was not known by the developers. This is why it is being called a zero-day vulnerability since developers had zero days to patch the issue. The exploit is said to have been discovered by researchers at Israel-based cybersecurity firm Oligo.

Malicious websites can potentially send malicious requests to access files via the 0.0.0.0 IP address if a user falls for a scam and opens the link. Dubbing it the “0.0.0.0-day” attack, Oligo AI security researcher Avi Lumelsky told the publication that the vulnerability could be used by a hacker to breach the security of the device and access private data.

WhatsApp for Windows Might Allow Execution of Malicious Files

While such attacks can only affect individuals and enterprises that host their own web servers, the report highlights that the number of systems that can be compromised is still very high and the security flaw cannot be taken lightly.

As per the report, Apple has told the publication that it will be blocking all attempts from websites to send queries to the IP address in question with the public beta version of macOS Sequoia. This means the update will be shipped with Safari 18, and will likely be made available for macOS Sonoma and macOS Ventura.

While Google has not made a formal announcement to fix the vulnerability, it has made several posts on Chrome Status highlighting the issue and proposals of fixing it. On the other hand, Mozilla is yet to make any announcements on fixing the issue on the Firefox browser.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.