Critical 18-Year Vulnerability “0.0.0.0 Day” Threatens Major Browsers and Apps on Linux and macOS


Oligo Security researchers have recently brought to light a critical vulnerability, dubbed “0.0.0.0 Day,” which has persisted for 18 years and affects major web browsers like Google Chrome, Firefox, and Apple Safari. Despite its long history, the vulnerability remains unresolved, putting users at risk. Although the browser developers are now working on fixes, the issue still leaves Linux and macOS users vulnerable.

This vulnerability does not impact Windows users but poses a significant threat to those on Linux and macOS. Exploiting this flaw could allow attackers to remotely control affected devices, enabling them to alter settings, access sensitive data, and execute remote code. This makes the vulnerability a major concern for both individuals and organizations alike.

In addition to browsers, a range of applications are also susceptible to this flaw, including popular tools like Selenium Grid, PyTorch TorchServe, and Ray. The underlying cause of the 0.0.0.0 Day vulnerability is the inconsistent security mechanisms across different browsers, which permit public websites to communicate with local network services using the “wildcard” IP address 0.0.0.0.


The 0.0.0.0 IP address is generally used as a placeholder, but when exploited by malicious entities, it can grant access to local services. A malicious web page could send a request to 0.0.0.0 along with a specified port, which might then be processed by other local services running on that port, making them vulnerable.

Furthermore, this vulnerability can bypass Google’s Private Network Access (PNA) protocol, which was designed to block public websites from accessing private network endpoints.

To combat this threat, web browsers are taking action to block access to the 0.0.0.0 IP address. Google Chrome is rolling out updates to fully block 0.0.0.0 by version 133, while Apple Safari has already implemented measures to block all requests to zeroed IP addresses.

Mozilla Firefox is also updating its fetch specifications and will soon implement PNA to mitigate the risk associated with this long-standing vulnerability.
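
Until every browser blocks 0.0.0.0, a local service can refuse such requests itself. The sketch below is an added example, not code from Oligo Security or any browser vendor: it rejects requests whose Host header carries a zeroed address or whose Origin is not the service's own UI. The port, the allowlists and the names `check_request` and `is_zeroed` are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions for this sketch: the service is only ever meant to be reached
# as localhost / 127.0.0.1 / ::1 on port 8080, from its own local web UI.
PORT = 8080
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}
ALLOWED_ORIGINS = {f"http://localhost:{PORT}", f"http://127.0.0.1:{PORT}"}


def is_zeroed(host):
    """True for the unspecified ("wildcard") address: 0.0.0.0 or ::."""
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:  # a name such as "localhost", not an IP literal
        return False


def check_request(headers):
    """Return (allowed, reason) for one request's headers (dict, any case)."""
    h = {k.lower(): v for k, v in headers.items()}
    try:
        parts = urlsplit("//" + h.get("host", ""))
        host, port = parts.hostname, parts.port
    except ValueError:
        return False, "malformed Host"
    if host is None:
        return False, "missing Host"
    # A page that targeted http://0.0.0.0:<port>/ makes the browser send
    # that literal in Host, so this check does not depend on Origin.
    if is_zeroed(host):
        return False, "zeroed address in Host"
    if host not in ALLOWED_HOSTS or port != PORT:
        return False, "unexpected Host"
    origin = h.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, "cross-origin request"
    return True, "ok"


# Constructed sample requests (not captured traffic).
SAMPLES = [
    {"Host": "localhost:8080"},
    {"Host": "0.0.0.0:8080", "Origin": "https://public.example"},
    {"Host": "[::]:8080"},
    {"Host": "127.0.0.1:8080", "Origin": "https://public.example"},
    {"Host": "127.0.0.1:8080", "Origin": "http://127.0.0.1:8080"},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_request(s))
```

A header check of this kind narrows what a web page can reach; it does not replace authentication on the local service.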
