A zero-day flaw using the 0.0.0.0 IP address has seen a spike in use and been exploited by hackers in recent months, potentially putting users of major web browsers like Safari, Chrome, and Firefox on macOS or Linux at risk, a new report reveals.Cybersecurity firm Oligo reported the threat, which could allow hackers to breach private networks by communicating with local software on Mac or Linux operating systems. Safari, Firefox, and any Chromium-based web browsers are vulnerable to this threat, meaning Microsoft Edge, Brave, and Opera are technically exposed, too. Windows machines, however, are not affected by this flaw. Public websites can interact with services on the localhost or local network and could “execute arbitrary code on the visitor’s host by using the address 0.0.0.0 instead of localhost/127.0.0.1.,” the researchers explain in their post summarizing the exploit. “By allowing 0.0.0.0 you’re allowing all of the stuff that for years you’ve been blocking,” Gal Elbaz, cofounder and CTO of Oligo, tells Forbes. “By allowing 0.0.0.0 you’re basically allowing everything.”Oligo researchers note that 0.015% of all websites communicate this IP address, meaning about 100,000 websites could facilitate this attack. So far, hackers have reportedly been using this IP address as part of attacks on AI workloads.
Recommended by Our Editors
Apple will reportedly include its fix for this flaw in the macOS 15 Sequoia beta release by blocking the 0.0.0.0 address, and has updated its Safari WebKit to block connections to that IP. Chrome is proposing a similar fix for its browser, acknowledging that the 0.0.0.0 address allows users to get around its Private Network Access protection. Mozilla, however, has not yet decided how to address the issue with Firefox. “Imposing tighter restrictions comes with a significant risk of introducing compatibility problems,” a Mozilla spokesperson tells PCMag via email. “As the standards discussion and work to understand those compatibility risks is ongoing, Firefox has not implemented any of the proposed restrictions.”
Get Our Best Stories!
Sign up for What’s New Now to get our top stories delivered to your inbox every morning.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
