Apple will reportedly fix an 18-year-old exploit in its latest update for the Safari browser. The fix will be available for macOS Sonoma and macOS Ventura, a report from Forbes said.
Known as the ‘0.0.0’ security vulnerability, the exploit can be used by websites to send malicious requests to a browser.
These malicious requests can be used by attackers to access internal private networks available on the victims’ device, opening their organisations network to a plethora of attack vectors.
Security researchers say the exploit can also be used by attackers to run rogue code on servers which are used to run AI frameworks by companies like Amazon and Intel. However, this is possible only on macOS and Linux, as Microsoft has chosen to block 0.0.0 on Windows.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
Hackers make use of the exploit by taking advantage of the way web browsers like Safari, Chrome, and Firefox handle queries to a 0.0.0. IP address by redirecting those queries to other IP addresses. In some cases, the requests are redirected to a local host which is used as a local internal server for testing pre-release code. This allows hackers to collected information and private data from company servers.
It is unclear if Apple has already released a for the exploit in its latest beta or if it will be added later. Meanwhile, Google also said they plan to fix the vulnerability with a future update.
Published - August 08, 2024 02:05 pm IST