Apple to Address '0.0.0.0' Security Vulnerability in Safari 18

Apple plans to block websites from attempting to send malicious requests to the IP address 0.0.0.0 on macOS Sequoia, according to Forbes. The means the change will be part of Safari 18, which will also be available for macOS Sonoma and macOS Ventura.


This decision comes after researchers from Israeli cybersecurity startup Oligo Security said they discovered a zero-day security vulnerability that allows a malicious actor to access private data on a user's internal private network. The researchers will present their findings at the DEF CON hacking conference in Las Vegas this weekend.

"Exploiting 0.0.0.0-day can let the attacker access the internal private network of the victim, opening a wide range of attack vectors," said Avi Lumelsky, a researcher at Oligo Security.

The researches responsibly disclosed the vulnerability to Apple, Google, and Mozilla. More details are available on the AppSec Village website.

macOS Sequoia and Safari 18 are currently in beta and will be widely released later this year.
This article, "Apple to Address '0.0.0.0' Security Vulnerability in Safari 18" first appeared on MacRumors.com

Discuss this article in our forums