0.0.0.0. Day – The 18-Year-Old Vulnerability That Can Compromise Linux and MacOS Users

by
Krishi Chowdhary
from Techreport on (#6PWR1)
bernd-dittrich-yzsENdnZXzw-unsplash-1200x800.jpg
  • An 18-year-old vulnerability called 0.0.0.0 day is being exploited by threat actors to bypass the security protocols of major browsers such as Google Chrome, Firefox, and Apple Safari.
  • It compromises both Linux and macOS devices. Windows devices are safe.
  • Although the vulnerability was disclosed in 2006, it's yet to be fixed.

bernd-dittrich-yzsENdnZXzw-unsplash-300x200.jpg

Researchers at Oligo Security have recently discovered an 18-year-old vulnerability called 0.0.0.0 Day" that can be used to bypass security protocols of major browsers such as Google Chrome, Firefox, and Apple Safari.

Although the problem was disclosed 18 years ago, it remains unresolved to this date. All three browsers have acknowledged the issue and said that they are working towards a solution. Until then, it looks like users are on their own.

Now, the good news is that it doesn't affect Windows, only Linux and macOS are at risk. So a lesser number of people will be impacted.

But the bad news is, that this vulnerability can be exploited to gain remote control over the device which in turn can allow the threat actor to change settings, access confidential documents, and in some cases, execute remote codes.

The consequences of this vulnerability are severe and both individuals and organizations are equally at risk.

And not just browsers, many applications are also at risk. The researchers gave out a list of such vulnerable applications which includes Selenium Grid, Pytorch Torchserve, and Ray.

About the Vulnerability

The root cause of the 0.0.0.0 day vulnerability is the lack of standardization in security mechanisms across different browsers which allows public websites to communicate with local network services with the help of the wildcard" IP address 0.0.0.0.

For those who don't know, the IP address 0.0.0.0 is often used as a placeholder or default address. On the surface, it's a seemingly harmless IP address. But in the wrong hands, it can be exploited to access local services.

0.0.0.0-300x141.pngCredits: Oligo SecurityNow speaking of how it works, in simple terms, a malicious web page sends a request to 0.0.0.0 and a port of its choosing, it could also be processed by other services that are running locally on that same port, which would put them at risk of being compromised.

The worst part is this vulnerability also bypasses Private Network Access (PNA) - a protocol designed by Google to prevent public websites from directly accessing endpoints inside private networks.

So what can web browsers do now? The answer is pretty simple. They'll have to start blocking access to 0.0.0.0 completely so that there's no direct link between private network endpoints and public websites.

Here's what the top 3 browsers have done so far to contain the risk

Google Chrome

  • Evolving Private Network Access (PNA)
  • Blocking 0.0.0.0 from Chrome 128, fully effective by Chrome 133.

Apple Safari

  • Now blocks 0.0.0.0 access
  • Requests to all-zero IP addresses are blocked.

Mozilla Firefox

  • Will soon implement PNA
  • Fetch specification updated to block 0.0.0.0.

The post 0.0.0.0. Day - The 18-Year-Old Vulnerability That Can Compromise Linux and MacOS Users appeared first on The Tech Report.

External Content
Source RSS or Atom Feed
Feed Location https://techreport.com/feed/
Feed Title Techreport
Feed Link https://techreport.com/
Reply 0 comments