Apple and Google are reportedly working to address a significant security vulnerability present in their web browsers for several years.
This vulnerability, related to the IP address 0.0.0.0, is believed to have been exploited by cybercriminals to compromise devices and satellite data. According to a report from Forbes, the flaw may have existed for 18 years without being discovered by developers until now. The Israeli cybersecurity firm Oligo was the first to uncover the vulnerability, which is classified as a “zero-day vulnerability” because developers were not previously aware of it and it requires immediate patching.
Oligo security researcher Avi Lumelsky has labeled it a “0.0.0.0-day attack,” in which malicious websites send harmful requests via the IP address 0.0.0.0. Clicking on a malicious link could give attackers unauthorized access to sensitive information on a user’s device.
While this vulnerability primarily impacts individuals and organizations hosting their own web servers, the potential scale of compromised systems is substantial, and experts emphasize that it should not be underestimated.
Following the discovery, Apple announced plans to block any attempts by websites to exploit the IP address. This fix will be included in the upcoming public beta of macOS Sequoia, along with Safari 18. The company also intends to roll out the fix to macOS Sonoma and macOS Ventura in the future.
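For defenders who cannot wait for browser updates, the same rule (refuse website requests addressed to 0.0.0.0) can be applied to proxy or browser request logs. The following is an added example, not code from Apple, Google or Oligo; the function names and the log entries are constructed for illustration, and it also covers the IPv6 unspecified address and legacy IPv4 spellings, which the article does not mention.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def parse_ip_literal(host):
    """Return an ipaddress object for an IP-literal host, or None for a DNS name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        try:
            # inet_aton also accepts legacy IPv4 spellings such as "0".
            ip = ipaddress.IPv4Address(socket.inet_aton(host))
        except (OSError, ValueError):
            return None
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged as IPv4.
    return getattr(ip, "ipv4_mapped", None) or ip


def targets_unspecified_address(url):
    """True if the URL's host is 0.0.0.0 (any spelling) or the IPv6 form '::'."""
    host = urlsplit(url).hostname or ""
    ip = parse_ip_literal(host)
    return ip is not None and ip.is_unspecified


def flag_requests(entries):
    """Return the (initiating page, request URL) pairs a blocking rule would refuse."""
    return [(page, url) for page, url in entries if targets_unspecified_address(url)]


# Constructed sample entries: (page that issued the request, requested URL).
SAMPLE_LOG = [
    ("https://news.example/article", "https://cdn.example/app.js"),
    ("https://ads.example/banner", "http://0.0.0.0:8080/api/jobs"),
    ("https://ads.example/banner", "http://0:3000/"),
    ("https://blog.example/", "http://[::]:9000/status"),
    ("https://intranet.example/", "http://127.0.0.1:8080/health"),
]

if __name__ == "__main__":
    for page, url in flag_requests(SAMPLE_LOG):
        print(f"BLOCK {url} (requested by {page})")
```

Requests to 127.0.0.1 are deliberately left unflagged here, since the article concerns only the 0.0.0.0 address.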
Meanwhile, Google has yet to issue an official statement, but several posts on Chrome Status show that the company is aware of the problem and is considering various solutions. In contrast, Mozilla has not yet provided any updates on whether it has addressed the vulnerability in its Firefox browser.