Sujet : Apple will reportedly fix an 18-year-old 0.0.0.0 vulnerability security flaw with Safari 18 update
De : enrico (at) *nospam* papaloma.net (Enrico Papaloma)
Groupes : misc.phone.mobile.iphone comp.sys.mac.system comp.os.ipadDate : 09. Aug 2024, 01:33:25
Autres entêtes
Organisation : Gegeweb News Server
Message-ID : <v93o4m$12pe$1@news.gegeweb.eu>
User-Agent : Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.6.1?Content-Type: text/plain; charset=UTF-8; format=flowed
Apple will reportedly fix the 18-year-old 0.0.0' security vulnerability
flaw with Safari 18 update
https://www.thehindu.com/sci-tech/technology/internet/apple-google-to-fix-a-decade-old-flaw-that-could-compromise-security-on-their-browsers/article68500422.ece\
https://www.timesnownews.com/technology-science/hackers-exploited-security-vulnerability-in-safari-apple-to-release-fix-all-you-need-to-know-article-112370086Apple will reportedly fix an 18-year-old exploit in its latest update for
the Safari browser. The fix will be available for macOS Sonoma and macOS
Ventura, a report from Forbes said.
Known as the '0.0.0' security vulnerability, the exploit can be used by
websites to send malicious requests to a browser.
These malicious requests can be used by attackers to access internal
private networks available on the victims' device, opening their
organisations network to a plethora of attack vectors.
Security researchers say the exploit can also be used by attackers to run
rogue code on servers which are used to run AI frameworks by companies like
Amazon and Intel. However, this is possible only on macOS and Linux, as
Microsoft has chosen to block 0.0.0 on Windows.
Hackers make use of the exploit by taking advantage of the way web browsers
like Safari, Chrome, and Firefox handle queries to a 0.0.0. IP address by
redirecting those queries to other IP addresses. In some cases, the
requests are redirected to a local host which is used as a local internal
server for testing pre-release code. This allows hackers to collected
information and private data from company servers.
It is unclear if Apple has already released a for the exploit in its latest
beta or if it will be added later.