Cybersecurity researchers have found an underlying security flaw in popular web browsers like Chrome, Safari, and Mozilla that could be used by hackers to gain access to the private networks of businesses and individuals. Based on the research carried out by Israeli cybersecurity startup Oligo, attackers would be able to access files, messages, credentials, and other data stored on a computer or device that is the "localhost" in a private network. Fundamentally, the loophole was found in how browsers reroute queries sent to the internet protocol (IP) address 0.0.0.0.

What is the loophole?

To fully understand how the security vulnerability was exploited, we first need to know what a localhost is. Localhost is a web server that is hosted by a local computer or private network. The IP address of localhost is usually 127.0.0.1. While querying IP addresses is a way to contact different computers or servers over the internet, pinging 127.0.0.1 is like talking to your own computer or network. Querying the IP address of localhost (also known as the loopback address) can come in handy if you’re testing a web application or programme, running speed tests, or looking to block certain sites so that they are not accessible on your private network.

So far, queries sent to IP address 0.0.0.0 have been rerouted by web browsers to other IP addresses, including the localhost address. This has been happening for years, according to the researchers.

How was the loophole exploited?

For a 0.0.0.0 day attack, hackers will trick victims into visiting an innocuous website and send a malicious request to access files via the 0.0.0.0 IP address. By hitting 0.0.0.0 and being redirected to localhost, hackers are able to grab data from the system, the researchers found. With this modus operandi, the Oligo team said that they were able to run rogue code on an AI platform called Ray, used by the likes of Amazon and Intel to manage complex AI/ML workloads.
What is being done to patch the vulnerability?

Apple and Google are reportedly working on rectifying the issue by closing the loophole. According to Forbes, the iPhone-maker will block all attempts from websites to query the 0.0.0.0 IP address in the beta version of macOS 15 Sequoia. Google Chrome’s security team is also looking to do the same, the report said. Meanwhile, Microsoft reportedly chose to block the 0.0.0.0 IP address on its operating systems a while ago.

Mozilla, on the other hand, seemed to disagree that blocking 0.0.0.0 was the right solution. “Imposing tighter restrictions comes with a significant risk of introducing compatibility problems [.] As the standards discussion and work to understand those compatibility risks is ongoing, Firefox has not implemented any of the proposed restrictions. We plan to continue our engagement in that process,” a Mozilla spokesperson was quoted as saying.
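
The block described above comes down to refusing requests from websites whose destination is 0.0.0.0. As an added example (not code from Oligo or any browser vendor), the Python below applies that same check to constructed proxy-log lines so a defender can spot pages on public sites requesting 0.0.0.0. The two-field log format, the host names and the port are assumptions, URLs are assumed to be already normalized, and the check also covers the IPv6 unspecified address `::`, which goes beyond what the article discusses.

```python
import ipaddress
from urllib.parse import urlsplit

LOCAL_KINDS = {"unspecified", "loopback", "private"}

def classify_target(url):
    """Classify the host of an already-normalized URL; no DNS lookup is done."""
    host = urlsplit(url).hostname
    if not host:
        return "invalid"
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "name"            # ordinary DNS name, left unresolved here
    if ip.is_unspecified:        # 0.0.0.0 (and IPv6 ::)
        return "unspecified"
    if ip.is_loopback:           # 127.0.0.0/8 and ::1
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"

def flag_requests(log_lines):
    """Return (origin, target) pairs where a non-local page requested 0.0.0.0."""
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 2:      # skip lines that do not match the assumed format
            continue
        origin, target = parts
        if classify_target(origin) in LOCAL_KINDS:
            continue             # a local page talking to a local service
        if classify_target(target) == "unspecified":
            findings.append((origin, target))
    return findings

# Constructed sample data in the assumed format: "<page origin> <requested URL>"
SAMPLE_LOG = [
    "https://news.example http://0.0.0.0:8080/status",
    "https://news.example https://cdn.example/app.js",
    "http://localhost:3000 http://0.0.0.0:8080/status",
    "https://ads.example http://[::]:8080/status",
    "https://shop.example http://127.0.0.1:8080/status",
]

if __name__ == "__main__":
    for origin, target in flag_requests(SAMPLE_LOG):
        print(f"public page {origin} requested unspecified address: {target}")
```

Requests that name 127.0.0.1 directly are classified as loopback and left out of the findings, since the article's point is specifically the 0.0.0.0 route to localhost.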