Some of the world’s biggest and most popular browsers are vulnerable to a flaw that allows threat actors to steal sensitive information from target endpoints, experts have warned.
Cybersecurity researchers from Oligo recently detailed the “0.0.0.0-day attack” – a way to abuse how Apple’s Safari, Google’s Chrome, and Mozilla’s Firefox handle queries to the 0.0.0.0 address.
Usually, the browsers would redirect the user to a different IP address, such as “localhost”, which is usually a server or computer on a private computer. However, by sending a malicious request to the target’s 0.0.0.0 IP address, the attackers are able to grab private data. This could be done via phishing or social engineering, where a victim would be somehow enticed into opening a malicious website.
Apple and Google working on a fix
The flaw is currently being exploited in the wild, the researchers said, as developers work on a permanent fix.
“Developer code and internal messaging are good examples of some of the info that can be accessed right away,” Avi Lumelsky, an AI security researcher at Oligo, told Forbes. “But more importantly, exploiting 0.0.0.0-day can let the attacker access the internal private network of the victim, opening a wide range of attack vectors.”
The attack vector is somewhat limited, since it only affects individuals and businesses hosting web servers. This still leaves a large attack surface, though.
There is evidence of in-the-wild abuse, too. A Google security developer confirmed it in a post on the Chromium forum earlier this year, but stated that the flaw can only be leveraged on Apple devices, since Microsoft blocks 0.0.0.0 in Windows, something Apple is planning on doing with macOS 15 Sequoia beta.
Google will do the same on Chromium and Chrome, leaving only Mozilla, which is currently exploring its options.
