Friend
Professional
- Messages
- 2,671
- Reaction score
- 1,104
- Points
- 113
How a vulnerability in browsers allows hackers to access private networks via IP 0.0.0.0.
For the past 18 years, the world's largest browsers have left a loophole for hackers to break into the private networks of homes and businesses, according to a study published Wednesday.
Apple, Google, and Mozilla are working to address this vulnerability, which is related to how browsers process requests to the IP address 0.0.0.0. Chrome, Safari, and Firefox accept requests to 0.0.0.0 by redirecting them to other IP addresses, including "localhost" - a server on a network or computer that is usually private and used for code testing. Researchers at Oligo, an Israeli cybersecurity startup, found that hackers exploited this vulnerability by sending malicious requests to the IP address 0.0.0.0 of their targets, which allowed them to access data that was supposed to be confidential. This type of attack was called "0.0.0.0-day".
In a typical attack, a hacker tricks the victim into visiting their site, which seems harmless, but sends a malicious request to access files via 0.0.0.0. Examples of such information include developer data and internal messages. However, the most important thing is that using the "0.0.0.0-day" attack allows a hacker to gain access to the victim's internal private network, opening up a wide range of possible attack vectors.
Such attacks can affect people and companies hosting web servers, but still cover a significant number of vulnerable systems. The researchers found that they can also run malicious code on a server that uses the Ray AI framework to train artificial intelligence models used by large companies such as Amazon and Intel. The problem applies not only to Ray, but also to any application that uses localhost and is accessible via 0.0.0.0.
Such attacks have already been recorded. In June of this year, Google security developer David Adrian reported several cases where malware used this vulnerability to attack certain development tools. However, Windows systems are not affected by this vulnerability, as Microsoft blocks 0.0.0.0 in its operating system.
Apple has announced plans to block all attempts to access the 0.0.0.0 IP address in the upcoming macOS 15 Sequoia beta. This measure is aimed at improving the security of the operating system.
The Google Chromium and Chrome development teams also intend to implement similar blocking in their browsers. However, official comments from the company have not yet been received.
Mozilla, the creator of Firefox, has so far refrained from making such a decision. The reason lies in potential compatibility issues: some servers use the address 0.0.0.0 instead of localhost, and blocking it may disrupt their operation.
These changes reflect the growing focus of tech giants on cybersecurity and protecting user data.
The researchers believe that the risk of leaving 0.0.0.0 open remains significant. In their opinion, allowing access to this IP address opens access to many data that has been blocked for a long time.
The researchers plan to present their findings at the DEF CON conference, which will be held in Las Vegas this weekend.
Source
For the past 18 years, the world's largest browsers have left a loophole for hackers to break into the private networks of homes and businesses, according to a study published Wednesday.
Apple, Google, and Mozilla are working to address this vulnerability, which is related to how browsers process requests to the IP address 0.0.0.0. Chrome, Safari, and Firefox accept requests to 0.0.0.0 by redirecting them to other IP addresses, including "localhost" - a server on a network or computer that is usually private and used for code testing. Researchers at Oligo, an Israeli cybersecurity startup, found that hackers exploited this vulnerability by sending malicious requests to the IP address 0.0.0.0 of their targets, which allowed them to access data that was supposed to be confidential. This type of attack was called "0.0.0.0-day".
In a typical attack, a hacker tricks the victim into visiting their site, which seems harmless, but sends a malicious request to access files via 0.0.0.0. Examples of such information include developer data and internal messages. However, the most important thing is that using the "0.0.0.0-day" attack allows a hacker to gain access to the victim's internal private network, opening up a wide range of possible attack vectors.
Such attacks can affect people and companies hosting web servers, but still cover a significant number of vulnerable systems. The researchers found that they can also run malicious code on a server that uses the Ray AI framework to train artificial intelligence models used by large companies such as Amazon and Intel. The problem applies not only to Ray, but also to any application that uses localhost and is accessible via 0.0.0.0.
Such attacks have already been recorded. In June of this year, Google security developer David Adrian reported several cases where malware used this vulnerability to attack certain development tools. However, Windows systems are not affected by this vulnerability, as Microsoft blocks 0.0.0.0 in its operating system.
Apple has announced plans to block all attempts to access the 0.0.0.0 IP address in the upcoming macOS 15 Sequoia beta. This measure is aimed at improving the security of the operating system.
The Google Chromium and Chrome development teams also intend to implement similar blocking in their browsers. However, official comments from the company have not yet been received.
Mozilla, the creator of Firefox, has so far refrained from making such a decision. The reason lies in potential compatibility issues: some servers use the address 0.0.0.0 instead of localhost, and blocking it may disrupt their operation.
These changes reflect the growing focus of tech giants on cybersecurity and protecting user data.
The researchers believe that the risk of leaving 0.0.0.0 open remains significant. In their opinion, allowing access to this IP address opens access to many data that has been blocked for a long time.
The researchers plan to present their findings at the DEF CON conference, which will be held in Las Vegas this weekend.
Source
