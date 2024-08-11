

0.0.0.0 Day – The 18-Year-Old Vulnerability That Can Compromise Linux and MacOS Users

Krishi Chowdhary, Journalist

  • An 18-year-old vulnerability called 0.0.0.0 day is being exploited by threat actors to bypass the security protocols of major browsers such as Google Chrome, Firefox, and Apple Safari.
  • It compromises both Linux and macOS devices. Windows devices are safe.
  • Although the vulnerability was disclosed in 2006, it’s yet to be fixed.

0.0.0.0 Day Vulnerability Is Compromising Linux and MacOS

Researchers at Oligo Security have recently discovered an 18-year-old vulnerability called “0.0.0.0 Day” that can be used to bypass security protocols of major browsers such as Google Chrome, Firefox, and Apple Safari.

Although the problem was disclosed 18 years ago, it remains unresolved to this date. All three browsers have acknowledged the issue and said that they are working towards a solution. Until then, it looks like users are on their own.

Now, the good news is that it doesn’t affect Windows; only Linux and macOS are at risk, so fewer people will be impacted.

But the bad news is that this vulnerability can be exploited to gain remote control over the device, which in turn can allow the threat actor to change settings, access confidential documents, and in some cases, execute code remotely.

The consequences of this vulnerability are severe and both individuals and organizations are equally at risk.

And it’s not just browsers; many applications are also at risk. The researchers published a list of such vulnerable applications, which includes Selenium Grid, PyTorch TorchServe, and Ray.

About the Vulnerability 

The root cause of the 0.0.0.0 day vulnerability is the lack of standardization in security mechanisms across different browsers, which allows public websites to communicate with local network services with the help of the “wildcard” IP address 0.0.0.0.

For those who don’t know, the IP address 0.0.0.0 is often used as a placeholder or default address. On the surface, it’s a seemingly harmless IP address. But in the wrong hands, it can be exploited to access local services.

[Image: “0.0.0.0” (Credits: Oligo Security)]

As for how it works, in simple terms: when a malicious web page sends a request to 0.0.0.0 and a port of its choosing, that request can also be processed by services running locally on that same port, which puts them at risk of being compromised.

The worst part is this vulnerability also bypasses Private Network Access (PNA) – a protocol designed by Google to prevent public websites from directly accessing endpoints inside private networks.

So what can web browsers do now? The answer is pretty simple. They’ll have to start blocking access to 0.0.0.0 completely so that there’s no direct link between private network endpoints and public websites.
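To make the PNA gap and the fix concrete, here is an added example (not code from the article, Oligo Security, or any browser) that models an address-space check in simplified form. The function names, the `blockAllZero` option, the IPv4-only range table and the sample public address `203.0.113.10` are assumptions made for illustration.

```javascript
// Added example: simplified model of a browser's address-space check (not browser source code).
// Address spaces ordered from least to most private, as in Private Network Access.
const RANK = { public: 0, private: 1, local: 2 };

// Assumed, simplified IPv4 range table: [network, prefix length, address space].
const RANGES = [
  ["127.0.0.0", 8, "local"],
  ["10.0.0.0", 8, "private"],
  ["172.16.0.0", 12, "private"],
  ["192.168.0.0", 16, "private"],
  ["169.254.0.0", 16, "private"],
];

// Parse a dotted-quad IPv4 address into an unsigned 32-bit integer; throws on malformed input.
function ipv4ToInt(addr) {
  const parts = addr.split(".");
  if (parts.length !== 4) throw new Error(`not IPv4: ${addr}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error(`bad octet in ${addr}`);
    return ((acc << 8) | Number(p)) >>> 0;
  }, 0);
}

// Classify an address; anything not listed in RANGES is treated as public.
function addressSpace(addr) {
  const ip = ipv4ToInt(addr);
  for (const [net, bits, space] of RANGES) {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    if (((ip & mask) >>> 0) === ((ipv4ToInt(net) & mask) >>> 0)) return space;
  }
  return "public"; // 0.0.0.0 matches no range above, so it lands here
}

// Decide what happens to a request from a page served at `initiator` to `target`.
function decide(initiator, target, { blockAllZero }) {
  if (blockAllZero && ipv4ToInt(target) === 0) return "block"; // the fix: refuse 0.0.0.0 outright
  const from = RANK[addressSpace(initiator)];
  const to = RANK[addressSpace(target)];
  return to > from ? "preflight" : "allow"; // more-private targets need a PNA preflight
}

// Constructed sample: a public page (documentation-range address) targeting local addresses.
for (const blockAllZero of [false, true]) {
  console.log(blockAllZero, ["127.0.0.1", "0.0.0.0"].map((t) => decide("203.0.113.10", t, { blockAllZero })));
}
```

Without the all-zero rule, the request to 0.0.0.0 is classified as public-to-public and allowed with no check, while the same request to 127.0.0.1 is gated; with the rule enabled, 0.0.0.0 is refused before classification.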

Here’s what the top 3 browsers have done so far to contain the risk:

Google Chrome 

  • Evolving Private Network Access (PNA)
  • Blocking 0.0.0.0 from Chrome 128, fully effective by Chrome 133.

Apple Safari 

  • Now blocks 0.0.0.0 access
  • Requests to all-zero IP addresses are blocked.

Mozilla Firefox

  • Will soon implement PNA
  • Fetch specification updated to block 0.0.0.0.

© Copyright 2024 The Tech Report Inc. All Rights Reserved.