Cybersecurity researchers have uncovered a serious browser vulnerability, dubbed the “0.0.0.0 Day,” that puts MacOS and Linux devices at risk. This flaw, which has been around for 18 years, could allow malicious websites to breach local networks and execute unauthorized code.
What is the 0.0.0.0 Day Vulnerability?
The 0.0.0.0 Day vulnerability is rooted in how major web browsers handle network requests. According to Avi Lumelsky from Oligo Security, this flaw could let attackers access sensitive services running on local devices. The problem stems from inconsistent security implementations across different browsers.
Which Browsers Are Affected?
The vulnerability impacts popular browsers such as Google Chrome, Mozilla Firefox, and Apple Safari. Notably, it does not affect Windows devices, as Microsoft blocks the IP address 0.0.0.0 at the system level.
How Does the Exploit Work?
Hackers can exploit the vulnerability by using the IP address 0.0.0.0 to target local services. Public websites, especially those with “.com” domains, can use this loophole to communicate with services on a local network, bypassing security measures like Private Network Access (PNA). This can lead to remote code execution (RCE) attacks.
For example, any application running on localhost that is accessible through 0.0.0.0, like a local Selenium Grid instance, can be compromised by sending a specially crafted POST request to 0.0.0.0:4444.
Why is This Vulnerability Dangerous?
Services that use localhost are often assumed to be in a secure environment. However, this vulnerability shows that assumption can be faulty, leading to insecure server setups. Attackers can exploit 0.0.0.0 together with the “no-cors” mode to attack local services, potentially gaining full control over the device.
Upcoming Security Patches
In response to this discovery, web browsers are expected to block access to 0.0.0.0 by April 2024. This move aims to prevent public websites from directly accessing private network endpoints and reduce the risk of exploitation.
Expert Insight
Lumelsky stated, “Services running on localhost are often considered safe, but this vulnerability shows that this is not always true. Attackers can use 0.0.0.0 to bypass these assumptions and execute malicious code.”
Disclaimer
NextNews strives for accurate tech news, but use it with caution - content changes often, external links may be iffy, and technical glitches happen. See full disclaimer for details.