Serious security vulnerabilities in Safari and Chrome have existed for 18 years

The vulnerability, related to the IP address 0.0.0.0, may have existed for 18 years but has not been discovered by developers until now.

Serious security vulnerabilities in Safari and Chrome have existed for 18 years Picture 1

Security researcher Avi Lumelsky of Oligo, Israel discovered this vulnerability and labeled it a "zero-day vulnerability" or "0.0.0.0-day attack" due to lack of prior awareness. This vulnerability is believed to be being exploited by cybercriminals to compromise devices and satellite data, so it needs to be patched immediately.

The "0.0.0.0-day attack" involves malicious websites capable of sending malicious requests through IP address 0.0.0.0. An attacker could gain unauthorized access to sensitive information on a user's device if they accidentally click on a malicious link.

According to experts, the potential scale of compromised systems is huge so users the potential scale of compromised systems is huge. This vulnerability primarily affects individuals and organizations hosting their own web servers.

After the information was discovered, Apple announced plans to block any attempts to exploit the IP address in question from websites. A fix will be released in the upcoming public beta of macOS Sequoia, alongside Safari 18. A fix for macOS Sonoma and macOS Ventura will also be rolled out in the future.

Meanwhile, Google has not yet released an official statement, but it seems that the company is aware of this vulnerability and is considering many different solutions.

Lesley Montoya

Update 09 August 2024