Hackers have exploited a critical vulnerability in major web browsers, including Apple Safari, Google Chrome, and Mozilla Firefox, allowing them to breach private networks protected by firewalls.

This flaw, linked to the handling of the 0.0.0.0 IP address, has been present for nearly two decades. Instead of discarding queries to 0.0.0.0, these browsers redirect them to other IP addresses, including “localhost,” an internal server used for testing code.

Researchers from Israeli cybersecurity firm Oligo discovered that hackers have been exploiting this by sending malicious requests to the 0.0.0.0 address, enabling them to access sensitive data. This exploit has been dubbed a “0.0.0.0-day” attack.

In a typical attack scenario, an attacker might lure a user to a seemingly harmless website, which then sends a malicious request to 0.0.0.0. Avi Lumelsky, an AI security researcher at Oligo, noted that such an attack could give hackers access to private network data and a wide range of potential attack vectors.

Buy Me a Coffee

These attacks mainly threaten users and businesses hosting web servers, which constitute a substantial number of Internet users. The researchers found they could also run rogue code on servers hosting the Ray AI framework, used by major companies like Amazon and Intel. This problem extends beyond Ray to any app that uses localhost and can be reached via 0.0.0.0, according to Lumelsky.

To counter this threat, Apple plans to block all website attempts to access 0.0.0.0 in the beta version of macOS 15 Sequoia. Google’s Chrome security team is also working on a similar solution.

READ
WordPress Plugin Vulnerability Allows Hackers to Install Malicious Code

However, Mozilla has not yet implemented a fix, citing potential compatibility issues for servers using 0.0.0.0 as a substitute for localhost. Despite these concerns, the risk of leaving the loophole open remains significant, as emphasized by Oligo’s cofounder and CTO, Gal Elbaz. Oligo’s findings, highlighting the widespread implications of the 0.0.0.0 vulnerability, will be presented at the upcoming DEF CON conference in Las Vegas, bringing further attention to this critical issue.