Zero-Day IP Exploit Puts Mac and Linux Users at Risk

A new zero-day exploit using the IP address 0.0.0.0 has surfaced, targeting Mac and Linux users through major web browsers like Safari, Chrome, and Firefox. Reported by cybersecurity firm Oligo, this flaw allows hackers to breach private networks by communicating with local software on these operating systems. Even Chromium-based browsers such as Microsoft Edge, Brave, and Opera are at risk, although Windows users remain unaffected.

Public websites can exploit this vulnerability by using the 0.0.0.0 address instead of localhost/127.0.0.1, potentially executing arbitrary code on a visitor’s device. Gal Elbaz, CTO of Oligo, emphasizes that “allowing 0.0.0.0 means allowing everything that has been blocked for years.”
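A defender's view of the substitution described above, as an added example (not code from Oligo or any browser vendor): it classifies request targets after the browser-style URL parser has canonicalized them, so shorthand such as `http://0/` is recognized as 0.0.0.0, and flags requests from a non-local page to a local address. The function names, record fields and sample URLs are constructed for illustration.

```javascript
// Added example. Sample records are constructed, not taken from real traffic.

// Classify the host of a URL as "unspecified" (0.0.0.0 / ::), "loopback",
// "other", or "invalid". Relies on the WHATWG URL parser, which rewrites
// IPv4 shorthand ("0", "0x7f.1", "2130706433") to dotted-decimal form.
function classifyTarget(rawUrl) {
  let host;
  try {
    host = new URL(rawUrl).hostname;
  } catch (err) {
    return "invalid";
  }
  if (host.startsWith("[")) host = host.slice(1, -1); // strip IPv6 brackets
  if (host === "0.0.0.0" || host === "::") return "unspecified";
  if (host === "localhost" || host.endsWith(".localhost")) return "loopback";
  if (/^127(\.\d{1,3}){3}$/.test(host) || host === "::1") return "loopback";
  return "other";
}

// Flag requests where a page served from a non-local origin targets a
// local address. Each record is { page, request } (hypothetical field names).
function flagLocalReach(records) {
  const flagged = [];
  for (const { page, request } of records) {
    const target = classifyTarget(request);
    const local = target === "unspecified" || target === "loopback";
    if (local && classifyTarget(page) === "other") {
      flagged.push({ page, request, target });
    }
  }
  return flagged;
}

const sampleRecords = [
  { page: "https://news.example/", request: "http://0.0.0.0:8080/status" },
  { page: "https://news.example/", request: "http://0:8080/status" },
  { page: "https://news.example/", request: "http://[::]:8080/status" },
  { page: "https://news.example/", request: "http://127.0.0.1:8080/status" },
  { page: "https://news.example/", request: "https://cdn.example/app.js" },
  { page: "http://localhost:3000/", request: "http://0.0.0.0:8080/status" },
];

for (const hit of flagLocalReach(sampleRecords)) {
  console.log(`${hit.target.padEnd(11)} ${hit.page} -> ${hit.request}`);
}
```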

Approximately 0.015% of websites use this IP address, equating to around 100,000 potential attack vectors. These exploits have been particularly aimed at AI workloads.

Apple plans to address this issue in the macOS 15 Sequoia beta release, with Safari WebKit already updated to block connections to 0.0.0.0. Chrome is also proposing similar fixes. However, Mozilla has yet to decide on a solution for Firefox, citing compatibility concerns.