Tech

18-Year Browser Flaw Affecting Apple, Chrome, and Mozilla Exposed, Forbes Reports

by Inside Telecom Staff
August 08, 2024

Reading time: 2 min

For 18 years, leading browsers had a flaw that allowed hackers to exploit private networks through the 0.0.0.0 IP address, as first reported by Forbes.

The main leading browsers affected by this vulnerability are Apple, Google Chrome, and Mozilla Firefox, discovered by Oligo startup. The discovered vulnerability enabled hackers to breach private networks, due to how browsers handle queries to the 0.0.0.0 IP address.

Silent, but Deadly, Threat

These search engines take the queries to be sent to 0.0.0.0 and then redirect them to other IP addresses such as “localhost” – private and used for testing development code.

It is usually breached by hackers to send malicious requests to the 0.0.0.0 IP address, gaining access to data that is supposed to be private. Researchers of Oligo named this vulnerability the “0.0.0.0-day” attack.

According to Oligo AI Security Researcher, Avi Lumelsky, “Exploiting 0.0.0.0-day can let the attacker access the internal private network of the victim, opening a wide range of attack vectors.”

How Does It Work?

In case of an attack, the vulnerability allows hackers to dupe targets into visiting what appear to be harmless sites. Once visited, the sites will make illicit requests to the 0.0.0.0 IP address for the loading of internal files and messages. While this primarily affects people hosting web servers, the vulnerable systems count is still very large.

Researchers discovered that the Ray AI framework is vulnerable to attacks, with prominent firms such as Amazon and Intel adopting it for training AI models. Hackers could execute rogue code on a server running Ray or any app which uses localhost reachable via 0.0.0.0.

Ray AI Framework

Ray AI, an open-source framework, provides the needed grounds for scalable and flexible deployment of AI and machine learning models on many machines. Ray supports a wide range of applications, such as reinforcement learning, hyperparameter tuning, and large-scale data processing.

Google security developer, David Adrian said in chromium forum in June that, “We’ve had multiple reports of malware leveraging this to attack specific developer tooling frameworks.”

Apple Macs and Microsoft-maintained Linux machines have a high potential of being impacted by such attacks. Windows, on the other hand, is not subject to them, since Microsoft has blocked 0.0.0.0 on its operating system (OS).

Quick to Reach a Solution

In a response to the discovered loophole, Apple told Forbes it will block all attempts to hit 0.0.0.0 in the beta version of macOS 15 Sequoia.

The Chromium, and Chrome security teams at Google, are already planning similar measures. Chromium is a speed-oriented, secure, and modern web standard-compliant open-source web browser project from which Google Chrome and other web browsers are derived.

However, Mozilla is yet to introduce a fix in Firefox due to concerns over potential compatibility problems.

Final Thoughts

The exposure of the 0.0.0.0 vulnerability in major leading browsers should raise an alarm that even the most trusted technologies could have lingering dangers.

The “0.0.0.0-day” attack underscores just how advanced in nature cyber threats can be, and particularly shows that caution must always be a priority when dealing with cyberattacks. As tech giants like Apple and Google rush to fix this flaw, one cannot deny that security is not to be ignored in any way, especially that the world is further moving towards digitalization.

Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Tech sections to stay informed and up-to-date with our daily articles.

Tags: Apple China Inside Telecom Mozilla Firefox News Technology U.S.

The path to 100G

Atlys Launches in the UAE, Simplifying Visa Applications for Travelers

Who Is Trying to Ruin the Reputation of Comium, Monty Mobile, and Mountasser Hachem?

Five innovators to establish energy efficient Open RAN

Gamma Continues Drive for Enterprise Growth Across Europe, By Expanding Contact Centre Transformation Capabilities with Acquisition of Brightcloud Group

Enea, Zain KSA to Test New Network Security Solutions

It’s 2017 All Over Again, as FCC Debates Net Neutrality

Marine Cable Project, 2Africa, May Go Live in 2024

US Allocates $42 billion for Universal Access to High-Speed Broadband by 2030

Ericsson to Uplift India’s 5G

AI-Piloted Drones Could Help Prevent Wildfires

China Takes the Lead in AI Military

Google’s AI Generated Podcast Turns Research to Audio

Dubai's Tech Experts to Shape AI's Future, Says Minister of State of AI

ChatGPT Reaches 200 Million Weekly Users Globally

MyMonty: The New Era of Banking

Entering the Monty Multiverse at Seamless 2023

Seamless Dubai 2023 - From Concept to Reality: Shaffra Technologies Opens Doors to Metaverse Mastery

Take A Look in the Mirror. The Greatest Technology of All Will Stare Back at You

Monty Mobile Enters Multibillion-Dollar MNO Equipment Industry

US DoT’s New Safety Plan Introduces Car Communication

Little Girl Receives First Prosthetic Eye from MRI, CT Scans

DeepL’s AI Translation Software to Get Traditional Chinese

AI Now Knows You’re Drunk Behind the Wheel

Instagram Supports Researchers for Mental Health