For 18 years, a critical security flaw endangered the digital peace of macOS and Linux users. Researchers from Oligo, an Israeli company specializing in cybersecurity, recently discovered this vulnerability, which allowed cybercriminals to reach systems through the most popular browsers, including Safari, Chrome and Firefox, in order to illegally seize confidential data and compromise private networks.
Fortunately, Apple has announced a corrective solution with the imminent launch of macOS Sequoia, thus putting an end to this threat that weighed on millions of Internet users.
A fault that rises to the surface
The flaw resides in the handling of requests addressed to the generic IP address 0.0.0.0, commonly used by developers to test their applications on local servers.
Indeed, Safari, Chrome and Firefox, the most popular browsers, redirect these requests by default to internal addresses such as "localhost", thus offering attackers a wide-open gateway to potentially vulnerable systems.
As Avi Lumelsky, AI security expert at Oligo, explains: "Developer code and internal messaging are good examples of immediately accessible information."
Although the consequences of such attacks are primarily felt by individuals and businesses hosting their own web servers, the high number of systems exposed to this risk still poses a serious threat.
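The mechanism described above is that a page in the browser can issue a request to 0.0.0.0 and have it land on a service listening on the developer's own machine. Until the browser-side fixes ship, the service itself can refuse such requests. The following is an added example, not code from the article or from Oligo: a minimal local development server that rejects any request whose Host header names the wildcard address, and any browser request whose Origin header is not a loopback origin. The header names are standard HTTP; the port, the verdict strings and the set of accepted origins are assumptions of this example.

```python
"""Added example: a local dev server that refuses requests routed to 0.0.0.0.

Two checks mirror the browser fix the article describes:
  1. Host header naming the wildcard address (0.0.0.0 or [::]) -> reject.
  2. Origin header present (i.e. a browser cross-site request) but not a
     loopback origin -> reject.  Requests without an Origin header (curl,
     same-origin navigations) are allowed.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Origins a developer's own tooling is expected to use (assumed list).
LOCAL_HOSTNAMES = {"localhost", "127.0.0.1", "::1"}
WILDCARD_HOSTS = {"0.0.0.0", "[::]"}


def is_wildcard_host(host_header: str) -> bool:
    """True when the Host header targets the wildcard address (port stripped)."""
    host = host_header.strip().lower()
    # IPv6 literal form "[::]:8000" -> "[::]", IPv4 "0.0.0.0:8000" -> "0.0.0.0"
    if host.startswith("["):
        host = host[: host.index("]") + 1] if "]" in host else host
    else:
        host = host.split(":")[0]
    return host in WILDCARD_HOSTS


def is_foreign_origin(origin_header: str) -> bool:
    """True when a browser-supplied Origin is not a loopback origin.

    The opaque origin "null" parses to hostname None and is treated as foreign.
    """
    hostname = urlsplit(origin_header).hostname
    return hostname not in LOCAL_HOSTNAMES


def request_verdict(headers) -> str:
    """Classify a request from its headers; any mapping with .get() works."""
    if is_wildcard_host(headers.get("Host", "")):
        return "reject:wildcard-host"
    origin = headers.get("Origin")
    if origin is not None and is_foreign_origin(origin):
        return "reject:foreign-origin"
    return "allow"


class GuardedHandler(BaseHTTPRequestHandler):
    """Applies request_verdict before serving anything."""

    def do_GET(self):
        verdict = request_verdict(self.headers)
        if verdict != "allow":
            self.send_response(403)
            self.end_headers()
            self.wfile.write(f"blocked: {verdict}\n".encode())
            return
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"hello from the dev server\n")


def serve(port: int = 8000) -> None:
    """Bind to loopback only; binding to 0.0.0.0 is what exposes the service."""
    HTTPServer(("127.0.0.1", port), GuardedHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Constructed sample headers such as `{"Host": "0.0.0.0:8000"}` or `{"Host": "localhost:8000", "Origin": "https://example.test"}` are rejected, while a request from `http://localhost:8000` or one with no Origin header is allowed. Binding the listener to 127.0.0.1 rather than 0.0.0.0 is the complementary server-side measure: a browser fix stops one request path, while a loopback-only bind keeps the service off every other interface.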
Reactions and corrective measures
In an effort to strengthen the security of its users, Apple has confirmed to Forbes that the next version of its Safari browser, integrated into macOS Sequoia, will finally put an end to attempts by websites to exploit the vulnerability linked to the IP address 0.0.0.0.
This fix should be deployed by the end of the year (September or October) and will block any unauthorized access to this address, thus preventing cybercriminals from carrying out their attacks.
Faced with this discovery, Google quickly reacted by announcing that its Chrome browser would also receive a similar fix in upcoming updates. Mozilla, for its part, while recognizing the seriousness of the situation, was more cautious, fearing that overly drastic restrictions could compromise Firefox's compatibility with certain websites.
This vulnerability, named "0.0.0.0-day" by Oligo researchers, will certainly be a major topic of discussion at the DEF CON conference taking place in Las Vegas this weekend. Security experts attending the event will have the opportunity to deepen their knowledge of this type of threat and to discuss best practices for remedying it.
- A critical, 18-year-old vulnerability allowed hackers to infiltrate macOS and Linux systems using Safari, Chrome and Firefox.
- The attackers took advantage of poor handling of requests to the IP address 0.0.0.0 by browsers to access sensitive data.
- Apple is preparing to roll out a patch by the end of the year and Google is following suit.
By: Keleops AG