According to a report from Forbes (paid subscription required), Apple and Google are going to address a browser security vulnerability that has existed for nearly 20 years. The flaw is being presented by cybersecurity firm Oligo at Def Con later this week and involves a special-purpose IP address.
Devices connected to the internet use IP addresses to identify the device and location, and the 0.0.0.0 IP address is used in special circumstances (it is usually used as a fallback address until the real address is available). Oligo researchers found that hackers were exploiting the way Safari, Chrome, and Firefox handle requests to a 0.0.0.0 IP address. According to Forbes, the browsers send the requests “to other IP addresses, including ‘localhost,’ a server on a network or a computer that is typically private and often used to test code under development.” An attacker could send a request to the address to obtain private data.
Forbes confirmed with Apple that Safari in macOS Sequoia will block any website that attempts to contact the 0.0.0.0 IP address. Google published a blog post that outlines its plans to do the same with Chrome. Mozilla told Forbes that it has no plans to block 0.0.0.0 requests in Firefox, but that the company is investigating the issue.
Since the fix is Safari-based and not OS-based, it will be included in Safari 18 when it becomes available for older versions of macOS, such as Sonoma and Ventura.
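To make the blocking described above concrete, here is an added example (not code from Apple, Google, Mozilla, or Oligo) of a request filter that treats 0.0.0.0 as a local destination. The function names and the policy in `shouldBlock` are assumptions for illustration, and the sample URLs are constructed.

```javascript
// Added illustration: not Safari, Chrome, or Firefox code.
// Classify where a URL points, using the WHATWG URL parser's host
// normalization (the global URL class in browsers and Node.js).
function classifyTarget(urlString) {
  let host;
  try {
    host = new URL(urlString).hostname;
  } catch {
    return "invalid";
  }
  // The parser canonicalizes shorthand IPv4 forms, so "0", "0x0" and
  // "0.0.0.0" all arrive here as "0.0.0.0"; IPv6 hosts keep their brackets.
  if (host === "0.0.0.0" || host === "[::]") return "unspecified";
  if (host === "localhost" || host.endsWith(".localhost")) return "loopback";
  if (/^127\.\d+\.\d+\.\d+$/.test(host) || host === "[::1]") return "loopback";
  return "other";
}

// A filter that only recognizes loopback names lets 0.0.0.0 through.
function naiveFilterBlocks(urlString) {
  return classifyTarget(urlString) === "loopback";
}

// Hypothetical policy: a page served from a non-local host may not send
// requests to loopback or to the unspecified address.
function shouldBlock(pageUrl, requestUrl) {
  const page = classifyTarget(pageUrl);
  const target = classifyTarget(requestUrl);
  if (target === "invalid") return true;
  const pageIsLocal = page === "loopback" || page === "unspecified";
  const targetIsLocal = target === "loopback" || target === "unspecified";
  return targetIsLocal && !pageIsLocal;
}

// Constructed sample requests, all issued by a page on a public site.
const page = "https://example.com/index.html";
const samples = [
  "http://0.0.0.0:8080/api",
  "http://0:8080/api",
  "http://[::]:8080/api",
  "http://127.0.0.1:8080/api",
  "https://example.org/data.json",
];
for (const url of samples) {
  console.log(url, classifyTarget(url),
    "naive:", naiveFilterBlocks(url), "policy:", shouldBlock(page, url));
}
```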
How to protect yourself from hacker attacks
Apple has built protections into macOS, and the company releases security fixes through operating system updates, so it’s important to install them as soon as they’re available. If Apple pulls an update, the company will re-release it as soon as it’s been properly revised with fixes.
igamesnews has several guides to help you, including a guide on whether or not you need antivirus software, a list of viruses, malware, and Trojans for Mac, and a comparison of Mac security software.