Pastimes : Computer Learning

From: Zen Dollar Round
8/9/2024 10:51:08 PM
0.0.0.0 Day security flaw

Oligo Security analyzed a security flaw in multiple web browsers running on macOS and Linux that allows malicious remote access to local networked resources.

0.0.0.0 Day: Exploiting Localhost APIs From the Browser

Researchers at Oligo Security have disclosed a logical vulnerability to all major browsers (Chromium, Firefox, Safari) that enables external websites to communicate with (and potentially exploit) software that runs locally on macOS and Linux. Windows is not impacted by this issue. Oligo researchers have found that public websites (like domains ending in .com) are able to communicate with services running on the local network (localhost) and potentially execute arbitrary code on the visitor’s host by using the address 0.0.0.0 instead of localhost/127.0.0.1.

18-year-old security flaw in Firefox and Chrome exploited in attacks

Despite being reported in 2008, 18 years ago, this problem remains unresolved on Chrome, Firefox, and Safari, though all three have acknowledged the problem and are working towards a fix. Researchers at Oligo Security report not only that the risk makes attacks theoretically possible, but also that they have observed multiple threat actors exploiting the vulnerability as part of their attack chains.
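The gap described in the post above, seen from the filtering side, as an added example that is not part of the original post or of Oligo's research code: a destination check that only knows `localhost` and `127.0.0.1` lets `0.0.0.0` through, while a check on the parsed address catches it. The function names and the sample URLs are assumptions constructed for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def naive_is_local(url):
    """Blocklist that only knows the two spellings named in the post."""
    host = urlsplit(url).hostname or ""
    return host in ("localhost", "127.0.0.1")

def is_local_target(url):
    """Treat loopback AND unspecified (0.0.0.0, ::) addresses as local."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: a real filter must resolve it and re-check the result.
        return False
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) before classifying.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_loopback or ip.is_unspecified

def missed_by_naive(urls):
    """URLs that reach the local host but pass the naive blocklist."""
    return [u for u in urls if is_local_target(u) and not naive_is_local(u)]

# Constructed sample destinations (not taken from the post).
SAMPLE_URLS = [
    "http://localhost:8080/api",
    "http://127.0.0.1:8080/api",
    "http://0.0.0.0:8080/api",
    "http://[::]:8080/api",
    "http://[::ffff:0.0.0.0]:8080/api",
    "http://127.0.0.2:8080/api",
    "https://example.com/api",
]

if __name__ == "__main__":
    for url in missed_by_naive(SAMPLE_URLS):
        print("naive blocklist misses:", url)
```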