0.0.0.0 Zero-Day: An 18-Year-Old Browser Exploit Lets Hackers Attack Mac, Linux Computers

From linkedin.com

Israeli cybersecurity company Oligo has uncovered an 18-year-old vulnerability, which it has dubbed “0.0.0.0 Day”: a critical flaw that allows malicious websites to bypass browser security measures in Google Chrome, Mozilla Firefox, and Apple Safari and interact with services on a local network. The flaw enables unauthorized access to, and remote code execution on, local services by attackers from outside the network.

Notably, this vulnerability only affects Linux and macOS devices, leaving Windows users unaffected.

The root of this issue lies in the inconsistent implementation of security mechanisms across various browsers, compounded by a lack of industry-wide standardization. Consequently, the seemingly innocuous IP address 0.0.0.0 can be exploited by attackers to target local services, which may include those used for development, operating systems, and internal networks.
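The gap described above can be reproduced in any destination filter that lists loopback and private ranges but forgets the unspecified address. The following is an added example, not code from Oligo or from any browser; the function names and the sample URLs are constructed for illustration, and it assumes a filter that decides by the literal host in a URL.

```python
import ipaddress
from urllib.parse import urlsplit

LOCAL_NAMES = {"localhost"}  # assumed name list for this example
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _host(url):
    """Lower-cased host of a URL, brackets and trailing dot removed."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def naive_is_local(url):
    """Weak check: knows loopback and RFC 1918, forgets 0.0.0.0."""
    host = _host(url)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host in LOCAL_NAMES
    return ip.is_loopback or any(ip in net for net in RFC1918)


def is_local(url):
    """Stricter check: unspecified, loopback, private and link-local."""
    host = _host(url)
    if host in LOCAL_NAMES or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # names still need a check on the resolved address
    # Unwrap ::ffff:a.b.c.d so the IPv4 rules apply to the mapped form too.
    mapped = getattr(ip, "ipv4_mapped", None)
    ip = mapped if mapped is not None else ip
    return (ip.is_unspecified or ip.is_loopback
            or ip.is_private or ip.is_link_local)


def missed_by_naive(urls):
    """URLs the strict check flags as local but the weak one lets through."""
    return [u for u in urls if is_local(u) and not naive_is_local(u)]


# Constructed sample destinations (ports and paths are placeholders).
SAMPLE = ["http://127.0.0.1:8080/", "http://0.0.0.0:8080/api",
          "http://[::]:8080/", "http://[::ffff:0.0.0.0]:8080/",
          "http://192.168.1.10/", "https://example.com/"]

if __name__ == "__main__":
    print(missed_by_naive(SAMPLE))
```

The stricter check only covers literal addresses; a hostname that resolves to a local address has to be checked again after resolution.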

The impact of the 0.0.0.0 Day vulnerability is widespread, affecting both individuals and organizations. The discovery of active exploitation campaigns, such as ShadowRay, highlights the urgency of addressing this vulnerability.
