Apple, Google to fix a decade-old flaw that could compromise security on their browsers: Report

Apple will reportedly fix an 18-year-old flaw with Safari 18 update; Google is also expected to fix the exploit in a future update.  

Published - August 08, 2024 02:05 pm IST

Apple will reportedly fix an 18-year-old flaw with Safari 18 update.

Apple will reportedly fix an 18-year-old flaw with Safari 18 update. | Photo Credit: Reuters

Apple will reportedly fix an 18-year-old exploit in its latest update for the Safari browser. The fix will be available for macOS Sonoma and macOS Ventura, a report from Forbes said.

Known as the ‘0.0.0’ security vulnerability, the exploit can be used by websites to send malicious requests to a browser.

These malicious requests can be used by attackers to access internal private networks available on the victims’ device, opening their organisations network to a plethora of attack vectors.

Security researchers say the exploit can also be used by attackers to run rogue code on servers which are used to run AI frameworks by companies like Amazon and Intel. However, this is possible only on macOS and Linux, as Microsoft has chosen to block 0.0.0 on Windows.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

Hackers make use of the exploit by taking advantage of the way web browsers like Safari, Chrome, and Firefox handle queries to a 0.0.0. IP address by redirecting those queries to other IP addresses. In some cases, the requests are redirected to a local host which is used as a local internal server for testing pre-release code. This allows hackers to collected information and private data from company servers.

It is unclear if Apple has already released a for the exploit in its latest beta or if it will be added later. Meanwhile, Google also said they plan to fix the vulnerability with a future update.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.