Hackers Exploit 18-Year-Old Vulnerability in Safari, Chrome, and Firefox

Cybersecurity researchers have uncovered a significant vulnerability that has left popular web browsers like Safari, Chrome, and Firefox susceptible to cyberattacks for nearly two decades (via Forbes).


The flaw, tied to the handling of queries to the IP address 0.0.0.0, has been a silent gateway for hackers to infiltrate private networks and steal sensitive data from individuals and businesses alike.

The vulnerability, dubbed a “0.0.0.0-day” exploit by experts at the Israeli cybersecurity firm Oligo, capitalizes on the way browsers manage requests to the 0.0.0.0 IP address. This address, typically used as a placeholder or default route, should ideally lead nowhere.

However, browsers like Chrome, Safari, and Firefox have been found to redirect these requests to other IP addresses, including “localhost.” Localhost refers to a private server on a network or a single computer, commonly utilized for testing purposes during software development.

According to Avi Lumelsky, an AI security researcher at Oligo, hackers have leveraged this flaw by sending malicious requests to the target’s 0.0.0.0 IP address. This tactic allows attackers to gain unauthorized access to files and data that should be securely confined within a private network.

“Developer code and internal messaging are among the types of information that can be compromised immediately,” Lumelsky explained. More concerning, however, is that this loophole opens the door to further breaches, enabling attackers to access the victim’s internal private network and explore a wide array of attack vectors.


In response to this revelation, Apple has confirmed plans to block all attempts from websites to access 0.0.0.0 in the upcoming beta version of macOS 15 Sequoia.

Similarly, Google’s Chromium and Chrome security teams are actively working on implementing the same restrictions, though the company has yet to provide an official statement.
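
The restriction described above amounts to treating 0.0.0.0 as a local destination whenever a public website issues the request. The following is an added example, not code from the article, Oligo, or any browser; the function names, the address-space labels, and the assumption that a policy already blocks loopback and private targets are hypothetical.

```javascript
// Added example: classify a request target the way a browser-side policy could.
// Function names and address-space labels are hypothetical, not a browser API.

// Parse a dotted-quad into four octets, or return null if it is not IPv4.
function parseIPv4(host) {
  const parts = host.split(".");
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  return octets.every((o) => o >= 0 && o <= 255) ? octets : null;
}

// Return "unspecified", "loopback", "private" or "public" for a URL's host.
function addressSpace(urlString) {
  // The WHATWG URL parser normalises short IPv4 forms such as "http://0/".
  const host = new URL(urlString).hostname.toLowerCase();
  if (host === "localhost" || host.endsWith(".localhost")) return "loopback";
  if (host === "[::]") return "unspecified";
  if (host === "[::1]") return "loopback";
  const ip = parseIPv4(host);
  if (!ip) return "public"; // DNS names and other IPv6 hosts: treated as public here
  const [a, b] = ip;
  if (ip.every((o) => o === 0)) return "unspecified"; // 0.0.0.0
  if (a === 127) return "loopback";
  if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168))
    return "private";
  if (a === 169 && b === 254) return "private"; // link-local
  return "public";
}

// Block when a page served from a public site targets a non-public address.
// treatUnspecifiedAsLocal=false models the gap the article describes
// (assumption: loopback and private targets are already blocked).
function shouldBlock(pageUrl, targetUrl, treatUnspecifiedAsLocal = true) {
  if (addressSpace(pageUrl) !== "public") return false;
  const space = addressSpace(targetUrl);
  if (space === "unspecified") return treatUnspecifiedAsLocal;
  return space !== "public";
}

// Constructed sample: a public page requesting a service on the visitor's machine.
const page = "https://site.example/index.html";
for (const target of ["http://127.0.0.1:8080/", "http://0.0.0.0:8080/"]) {
  console.log(target, "gap:", shouldBlock(page, target, false),
              "fixed:", shouldBlock(page, target));
}
```

With the flag off, the 0.0.0.0 request passes while the equivalent 127.0.0.1 request is blocked; with it on, both are blocked.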


1 Comment
Sam
1 year ago

Poor article as this vulnerability seems to be platform dependent.
