SC Media reports that all major browsers, including Google Chrome, Apple Safari, Microsoft Edge and Mozilla Firefox, have been impacted by the 0.0.0.0 Day security flaw, which could be leveraged to infiltrate local networks and trigger remote code execution in macOS and Linux devices.
Malicious public sites facilitating crafted request delivery to the 0.0.0.0 IP address could be created by threat actors looking to exploit the vulnerability, which does not affect Windows systems due to operating system-level restrictions in accessing the IP address, an analysis from Oligo Security revealed.
Similar efforts to block the IP address have already been conducted by Google, Apple, and Mozilla. Such findings have prompted Oligo researchers to recommend CSRF token and PNA header implementation among app developers.
On the other hand, users have been urged by Synopsys Software Integrity Group Senior Sales Engineer Boris Cipot to impose IP address restrictions to local services and preventing interactions between the local host and external entities.
