XPost: misc.phone.mobile.iphone, comp.os.ipad
Apple will reportedly fix the 18-year-old 0.0.0' security vulnerability
flaw with Safari 18 update
https://www.thehindu.com/sci-tech/technology/internet/apple-google-to-fix-a-decade-old-flaw-that-could-compromise-security-on-their-browsers/article68500422.ece
\
https://www.timesnownews.com/technology-science/hackers-exploited-security-vulnerability-in-safari-apple-to-release-fix-all-you-need-to-know-article-112370086
Apple will reportedly fix an 18-year-old exploit in its latest update for
the Safari browser. The fix will be available for macOS Sonoma and macOS Ventura, a report from Forbes said.
Known as the '0.0.0' security vulnerability, the exploit can be used by websites to send malicious requests to a browser.
These malicious requests can be used by attackers to access internal
private networks available on the victims' device, opening their
organisations network to a plethora of attack vectors.
Security researchers say the exploit can also be used by attackers to run
rogue code on servers which are used to run AI frameworks by companies like Amazon and Intel. However, this is possible only on macOS and Linux, as Microsoft has chosen to block 0.0.0 on Windows.
Hackers make use of the exploit by taking advantage of the way web browsers like Safari, Chrome, and Firefox handle queries to a 0.0.0. IP address by redirecting those queries to other IP addresses. In some cases, the
requests are redirected to a local host which is used as a local internal server for testing pre-release code. This allows hackers to collected information and private data from company servers.
It is unclear if Apple has already released a for the exploit in its latest beta or if it will be added later.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)