There is a great awareness regarding cybersecurity these days. In recent years, we have seen that the number of scams as well as data leaks have increased significantly. Companies are constantly looking to strengthen their security. But there is a problem that big tech companies have failed to solve in the 18 years since it was first reported.
We are talking specifically about a security flaw present in Apple, Google and Mozilla browsers and “open” for more than 18 years, according to a recent study collected by Forbes. This gap focuses on the way browsers manage requests to IP 0.0.0.0, that even if this orientation may seem harmless, “it can become a dangerous tool.”
0.0.0.0 Days, a vulnerability “ignored” for 18 years
Allowing these requests in browsers can be used by any attacker, as revealed by Israeli cybersecurity company Oligo. In this case, attackers “simply” need toSend malicious requests to target IP address 0.0.0.0 to access your private information. A bug that has already been dubbed “0.0.0.0 Days,” in reference to the “Zero Days” vulnerabilities.
To successfully carry out his attack, the hacker would simply have to convince his victim to visit his website. Something that at first glance does not seem dangerous but which would allow access to the files via the IP 0.0.0.0 and obtain access messaging services and open other attack fronts This is what is really dangerous.
This is a bug that will primarily affect people and businesses that have some type of web server hosted on their network and are using an application through localhost.
The “good news” comes from users who have installed the Microsoft operating system, since the company has blocked access to version 0.0.0.0, but In the case of Macs, this is something that can still be exploited, as on any computer that installs Linux.
This lock is the most effective solution to close this security hole. Apple will do this at some point in its Safari browser in future beta versions of macOS 15 Sequoia. Chrome is also getting ready to do it, as they pointed out on their own support website. But the problem is still present in Firefox.
Mozilla has yet to find an effective solution to close the gap. Blocking access to 0.0.0.0 can have a fatal outcome for servers that access via localhost, making them inaccessible again. But this is where the “risk/benefit” balance comes in, and the researchers are clear about it: Leaving this gap open could be fatal for cybersecurity.
They are very direct in stating: “By allowing 0.0.0.0, you are allowing virtually everything” on all fronts that can be opened to cybercriminals. Fortunately, Apple is already going to take the necessary steps, like Chrome, to be able to close a bug that was actually reported in 2006 and went unnoticed until 18 years later.
Images | Kenny Eliason Desola – The Best of Kenny Eliason Desola
In Applesfera | iPhone 16: release date, price, models and everything we think we know about them
In Applesfera | This is what Mark Zuckerberg, Elon Musk or Tim Cook spend on their own security. The difference is appalling
