Most browser vulnerabilities are fixed before they are made public. This is thanks to independent researchers who participate in the Bug Bounty programs of Google, Microsoft, Mozilla, Apple, and other companies. However, this is not always the case. Sometimes security flaws appear that have been putting us at risk for years and years, as is the case with 0.0.0.0 Day.
If we search the Internet, we can see that there are signs of this vulnerability dating back more than 18 years. Furthermore, it is not a flaw that has gone unnoticed or been ignored by hackers, far from it: they have been actively attacking all kinds of systems (especially routers) remotely by taking advantage of it. A few days ago, however, the number of websites seeking to exploit this security flaw skyrocketed and, this time, alarm bells have gone off.
The malicious code that exploits this security flaw can be hidden anywhere. For example, it could be hidden in web pages so that the flaw is exploited automatically when the victim visits them. But it can also be hidden in other programs, and even in scripts that we run on the computer (many examples have been seen in Python, with libraries like Selenium).
But how does it work?
How the 0.0.0.0 Day bug works
The 0.0.0.0 Day security flaw is a vulnerability that has been around for 18 years and affects virtually all current web browsers on the market. In particular, it allows hackers to attack other devices within our local network, or other services running on the machine itself, simply through a seemingly harmless IP address, 0.0.0.0, which has given the flaw its name.
The issue is that a wildcard IP such as 0.0.0.0 should be ignored by the server. However, web browser engines treat it as a normal IP, route the request to the destination, and the request is even processed there. This way, for example, if a POST request is made to 0.0.0.0:4444, attackers could communicate with the service running on port 4444 of our server. But it doesn't stop there: depending on how the attack is carried out, it is even possible to execute remote code on the machines.
How to protect ourselves from this security flaw
Major web browsers have already begun taking steps to protect users from this serious vulnerability. Chrome, for example, has already blocked access to 0.0.0.0 URLs, Firefox is working on a new version with its patch (although it is still vulnerable), and Apple has already made changes to Safari's WebKit to block these addresses in the next version of the browser.
The security researchers who discovered this vulnerability, Oligo, recommend that application developers add some security enhancements, such as PNA (Private Network Access) headers, validation of the Host header, never trusting localhost, and using HTTPS in web requests.
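One way a locally running service can apply these recommendations, as an added example that is not code from Oligo or from this article. It assumes a service on port 4444 used by a single trusted front end at https://app.example.test (a constructed placeholder); the function and class names are hypothetical.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions for this sketch: the service listens on port 4444 and is used
# only by one trusted browser front end (placeholder origin below).
PORT = 4444
ALLOWED_HOSTS = {f"localhost:{PORT}", f"127.0.0.1:{PORT}", f"[::1]:{PORT}"}
ALLOWED_ORIGINS = {"https://app.example.test"}


def host_allowed(host_header):
    """Accept only the exact names the service expects to be addressed by.
    A request sent to 0.0.0.0:4444 carries 'Host: 0.0.0.0:4444' and fails."""
    return (host_header or "").strip().lower() in ALLOWED_HOSTS


def preflight_headers(request_headers):
    """Return CORS/PNA response headers for a trusted preflight, else None."""
    origin = request_headers.get("Origin")
    if not host_allowed(request_headers.get("Host")) or origin not in ALLOWED_ORIGINS:
        return None
    headers = {"Access-Control-Allow-Origin": origin,
               "Access-Control-Allow-Methods": "POST",
               "Vary": "Origin"}
    # Private Network Access: opt in only when the browser asks for it.
    if request_headers.get("Access-Control-Request-Private-Network") == "true":
        headers["Access-Control-Allow-Private-Network"] = "true"
    return headers


class LocalServiceHandler(BaseHTTPRequestHandler):
    def do_OPTIONS(self):
        headers = preflight_headers(self.headers)
        self.send_response(204 if headers else 403)
        for name, value in (headers or {}).items():
            self.send_header(name, value)
        self.end_headers()

    def do_POST(self):
        # Being reachable on localhost is not proof of trust: check both headers.
        ok = host_allowed(self.headers.get("Host")) and self.headers.get("Origin") in ALLOWED_ORIGINS
        self.send_response(200 if ok else 403)
        self.end_headers()


if __name__ == "__main__":
    # Bind to the loopback address explicitly rather than to 0.0.0.0.
    HTTPServer(("127.0.0.1", PORT), LocalServiceHandler).serve_forever()
```

Clients that send no Origin header, such as command-line tools, are refused by this sketch; a service that must accept them needs its own authentication instead.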
Also, this time, the security flaw only affects Linux and macOS, with Windows being the only operating system that is not affected by this problem. So, for once, if we use Microsoft's operating system, we won't have to worry about anything.