0.0.0.0. Day – The 18-Year-Old Vulnerability That Can Compromise Linux and MacOS Users
- An 18-year-old vulnerability called 0.0.0.0 day is being exploited by threat actors to bypass the security protocols of major browsers such as Google Chrome, Firefox, and Apple Safari.
- It compromises both Linux and macOS devices. Windows devices are safe.
- Although the vulnerability was disclosed in 2006, it’s yet to be fixed.
Researchers at Oligo Security have recently discovered an 18-year-old vulnerability called “0.0.0.0 Day” that can be used to bypass security protocols of major browsers such as Google Chrome, Firefox, and Apple Safari.
Although the problem was disclosed 18 years ago, it remains unresolved to this date. All three browsers have acknowledged the issue and said that they are working towards a solution. Until then, it looks like users are on their own.
Now, the good news is that it doesn’t affect Windows, only Linux and macOS are at risk. So a lesser number of people will be impacted.
But the bad news is, that this vulnerability can be exploited to gain remote control over the device which in turn can allow the threat actor to change settings, access confidential documents, and in some cases, execute remote codes.
The consequences of this vulnerability are severe and both individuals and organizations are equally at risk.
And not just browsers, many applications are also at risk. The researchers gave out a list of such vulnerable applications which includes Selenium Grid, Pytorch Torchserve, and Ray.
About the Vulnerability
The root cause of the 0.0.0.0 day vulnerability is the lack of standardization in security mechanisms across different browsers which allows public websites to communicate with local network services with the help of the “wildcard” IP address 0.0.0.0.
For those who don’t know, the IP address 0.0.0.0 is often used as a placeholder or default address. On the surface, it’s a seemingly harmless IP address. But in the wrong hands, it can be exploited to access local services.
Now speaking of how it works, in simple terms, a malicious web page sends a request to 0.0.0.0 and a port of its choosing, it could also be processed by other services that are running locally on that same port, which would put them at risk of being compromised.
The worst part is this vulnerability also bypasses Private Network Access (PNA) – a protocol designed by Google to prevent public websites from directly accessing endpoints inside private networks.
So what can web browsers do now? The answer is pretty simple. They’ll have to start blocking access to 0.0.0.0 completely so that there’s no direct link between private network endpoints and public websites.
Here’s what the top 3 browsers have done so far to contain the risk
Google Chrome
- Evolving Private Network Access (PNA)
- Blocking 0.0.0.0 from Chrome 128, fully effective by Chrome 133.
Apple Safari
- Now blocks 0.0.0.0 access
- Requests to all-zero IP addresses are blocked.
Mozilla Firefox
- Will soon implement PNA
- Fetch specification updated to block 0.0.0.0.
Our Editorial Process
The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.