Deutsch English Français Italiano |
<v93o4m$12pe$1@news.gegeweb.eu> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!3.eu.feeder.erje.net!2.eu.feeder.erje.net!feeder.erje.net!proxad.net!feeder1-2.proxad.net!usenet-fr.net!news.gegeweb.eu!gegeweb.org!.POSTED.133-175-174-202.west.ap.gmo-isp.jp!not-for-mail From: Enrico Papaloma <enrico@papaloma.net> Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.os.ipad Subject: Apple will reportedly fix an 18-year-old 0.0.0.0 vulnerability security flaw with Safari 18 update Date: Thu, 8 Aug 2024 17:33:25 -0700 Organization: Gegeweb News Server Message-ID: <v93o4m$12pe$1@news.gegeweb.eu> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Injection-Date: Fri, 9 Aug 2024 00:33:28 -0000 (UTC) Injection-Info: news.gegeweb.eu; posting-account="adibella@usenet.local"; posting-host="133-175-174-202.west.ap.gmo-isp.jp:133.175.174.202"; logging-data="35630"; mail-complaints-to="abuse@gegeweb.eu" User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.6.1?Content-Type: text/plain; charset=UTF-8; format=flowed Cancel-Lock: sha256:LikfJjLhasLnvvHiiJJ8rFqi5dzC4vqorWMTv9DgRcE= Content-Language: en-US Bytes: 2897 Lines: 32 Apple will reportedly fix the 18-year-old 0.0.0' security vulnerability flaw with Safari 18 update https://www.thehindu.com/sci-tech/technology/internet/apple-google-to-fix-a-decade-old-flaw-that-could-compromise-security-on-their-browsers/article68500422.ece \ https://www.timesnownews.com/technology-science/hackers-exploited-security-vulnerability-in-safari-apple-to-release-fix-all-you-need-to-know-article-112370086 Apple will reportedly fix an 18-year-old exploit in its latest update for the Safari browser. The fix will be available for macOS Sonoma and macOS Ventura, a report from Forbes said. Known as the '0.0.0' security vulnerability, the exploit can be used by websites to send malicious requests to a browser. These malicious requests can be used by attackers to access internal private networks available on the victims' device, opening their organisations network to a plethora of attack vectors. Security researchers say the exploit can also be used by attackers to run rogue code on servers which are used to run AI frameworks by companies like Amazon and Intel. However, this is possible only on macOS and Linux, as Microsoft has chosen to block 0.0.0 on Windows. Hackers make use of the exploit by taking advantage of the way web browsers like Safari, Chrome, and Firefox handle queries to a 0.0.0. IP address by redirecting those queries to other IP addresses. In some cases, the requests are redirected to a local host which is used as a local internal server for testing pre-release code. This allows hackers to collected information and private data from company servers. It is unclear if Apple has already released a for the exploit in its latest beta or if it will be added later.