Huge security flaw puts most popular Mac browsers at risk

Hackers are already flooding browsers with malware and phishing links. Now, researchers have discovered a security flaw that gives them direct access to services on your laptop.

This security vulnerability, known as 0.0.0.0 Day, affects all Chromium-based browsers, including Google Chrome, Firefox, Safari, and Edge.

What is worrying is that this security flaw has been present in these browsers for 18 years and has only been discovered now.

SIGN UP FOR KURT’S FREE NEWSLETTER AND GET IMMEDIATE ACCESS TO THE CYBERGUY REPORT

What you need to know

The 0.0.0.0 Day vulnerability was discovered by Israeli application security firm Oligo and later reported by The Hacker News. It involves the use of an IP address, 0.0.0.0, which is normally harmless. However, this flaw would allow attackers to misuse it to gain access and control local services on the computer.

The critical vulnerability “exposes a fundamental flaw in the way browsers handle web requests, potentially granting malicious actors access to sensitive services running on local devices,” said Avi Lumelsky, a researcher at Oligo Security.

Security researchers found that websites with the “.com” domain can communicate with services on the local network and run unauthorized code using the address 0.0.0.0. This vulnerability also allows them to bypass Private Network Access (PNA), which is designed to prevent public websites from directly accessing private network endpoints.

To put it simply, this vulnerability could allow third parties to hack into local services and perform unauthorized actions on your device.

The vulnerability affects browsers including Google Chrome, Edge, Safari, and Firefox on macOS and Linux devices. If you are a Windows user, you don’t need to worry as Microsoft blocks this IP address at the operating system level.

HERE’S WHAT RUTHLESS HACKERS STOLEN FROM 110 MILLION AT&T CUSTOMERS

Will a fix be available?

Chrome began blocking access to the 0.0.0.0 IP address with Chromium 128 in July. Google will gradually roll out this change, finalizing it in Chrome 133, when the IP address will be completely blocked for all Chrome and Chromium users.

Meanwhile, Apple has already updated WebKit, the browser engine used by Safari, to block access to 0.0.0.0. Mozilla has also blocked this IP address in Firefox. To protect yourself from being affected, keep your browser up to date.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

Steps to update your browser

The best way to protect yourself from security vulnerabilities is to keep your browser up to date. Here are the steps to keep it up to date.

How to update Chrome

Open Google Chrome on your computerClick on three dots in the upper right cornerSelect HelpCrash About ChromeChrome will be automatically checks for updates. If an update is available, it will be downloaded and installed. Click Restart to complete the update process.

On mobile devices, you can update Chrome through the Google Play Store (Android) or App Store (iOS) by searching for the Chrome app and tapping it. Update if available

WORLD’S LARGEST DATABASE OF STOLEN PASSWORDS SHARED ON CRIMINAL FORUM

How to update Microsoft Edge

Open Microsoft EdgeClick on three dots in the upper right cornerSelect Help and feedbackCrash About Microsoft EdgeEdge automatically check for updates and install them if availableClick Restart to update Microsoft Edge and apply any updates

On mobile devices, updates can be downloaded through their respective app stores (Google Play Store for Android and App Store for iOS). To do this, search for the Edge app and tap Update, if available.

How to update Safari

On your Mac, open Apple MenuTo choose System settings To obtain General Crash Software update If there is an update available for Safari, click Update now.Follow the instructions to complete the installation.

For iOS devices, updates are done through the Settings app under General > Software Update.

How to update Mozilla Firefox

Open FirefoxClick on three horizontal lines (☰) in the upper right cornerSelect Hhelp Crash About FirefoxFirefox will be check for updates and download them automaticallyClick Restart to update Firefoxif the update has been installed

On mobile devices, you can update Firefox through the Google Play Store (Android) or App Store (iOS). To do this, search for the Firefox app and click Update, if available.

CLICK HERE FOR MORE US NEWS

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Additional security measures to protect your data and devices

Below you will find additional steps to help protect yourself from hackers who exploit security holes.

1. Have strong antivirus software: Hackers often gain access to your devices by sending infected emails or documents or by tricking you into clicking a link that downloads malware. You can avoid all of this by installing strong antivirus software that will detect any potential threats before they take over your device or router.

The best way to protect yourself from malicious links that install malware, potentially accessing your private information, is to install strong antivirus software on all your devices. This protection can also warn you about phishing emails and ransomware scams, keeping your personal information and digital assets safe. Check out my picks for the best antivirus protection of 2024 for Windows, Mac, Android, and iOS devices.

2. Recognize urgent requests as potential scams: Always be wary if someone urgently asks you to do something like send money, provide personal information, or click on a link. Chances are it’s a scam.

3. Use strong and unique passwords: Create strong passwords for your accounts and devices, and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. This will help you create unique, hard-to-crack passwords that a hacker will never guess. Second, it also tracks all of your passwords in one place and fills in your passwords for you when you log in to your account, so you never have to remember them. The fewer passwords you remember, the less likely you are to reuse them across your accounts. Read more about my expert-reviewed best password managers of 2024 here.

4. Enable two-factor authentication: Turn on two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.

ANDROID USERS AT RISK AS BANKING TROJAN ATTACKS MORE APPS

Kurt’s Key Takeaways

Given the recently discovered 0.0.0.0 Day vulnerability, it is more important than ever to keep your browser up to date. While major browser vendors are actively working on a fix, staying up to date with software updates is key to protecting your device. To further protect your online experience, be cautious of suspicious links, practice safe browsing habits, and check for updates regularly.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Given the recent discovery of the 0.0.0.0 Day security flaw that affects major browsers like Google Chrome, Firefox, Safari, and Edge, and has been around for 18 years, do you think tech companies are doing enough to keep their products secure and protect users from such long-standing security flaws? Let us know by writing to us atCyberguy.com/Contact

For more tech tips and security alerts, sign up for my free CyberGuy Report newsletter by going to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Follow Kurt on his social media channels

FacebookYouTubeInstagram

Answers to CyberGuy’s most frequently asked questions:

What is the best way to protect your Mac, Windows, iPhone and Android devices from being hacked?What is the best way to stay private, secure and anonymous while browsing the web?How can I get rid of robocalls using data deletion apps and services?How do I delete my private data from the internet?