Long-overlooked security flaw puts sensitive data at risk; Apple and Google push urgent patches
Apple and Google are racing to address a critical security flaw in their web browsers that has potentially left millions of devices vulnerable to cybercriminal attacks. The flaw, linked to the IP address 0.0.0.0, was recently discovered by researchers at Israeli cybersecurity firm Oligo and has been in existence for as long as 18 years, according to a report by Forbes.
The vulnerability, now dubbed the “0.0.0.0-day attack” by Oligo AI security researcher Avi Lumelsky, could be exploited by malicious websites to send harmful requests through the IP address in question. If a user inadvertently clicks on a compromised link, attackers could gain unauthorised access to sensitive information stored on their device.
The flaw is particularly concerning for individuals and organisations that host their own web servers, although the potential scale of compromised systems is vast. Experts warn that this security issue should not be underestimated, given its widespread impact.
Apple has responded swiftly by announcing plans to block any attempts to exploit the 0.0.0.0 IP address in the upcoming public beta of macOS Sequoia and Safari 18. This fix will also be included in future updates to macOS Sonoma and macOS Ventura. Meanwhile, Google has yet to issue an official statement, but posts on Chrome Status indicate that the company is aware of the problem and is evaluating potential solutions.
Mozilla, however, has not provided any updates on whether it plans to address the vulnerability in its Firefox browser.
