Security Researchers Reveal 0.0.0.0 Day Vulnerability - Are You Secured?

Online vulnerabilities place users in a very dangerous situation no matter its size. Whether personal or business, getting attacked online through vulnerabilities could be costly. This is the reason why security experts announce these vulnerabilities in order for them to be addressed as soon as possible and before any major problem occur. Unfortunately, some may have already been exposed and exploited.

So when you’re talking about a browser vulnerability that has been in the open for 18 years, you know someone has been exposed - it’s just that no one knows the magnitude of the vulnerability.

Exploring the 0.0.0.0 Vulnerability

Oligo Security recently announced the discovery of a bug they call “0.0.0.0 Day” and they describe the vulnerability as the following:

“...exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices.”

They found out that websites can actually gain access to local networks and eventually local servers by exploiting the use of the 0.0.0.0 IP address. It’s a pretty straightforward operation because researchers were able to communicate with the server using Javascript code already embedded in the external domain. It’s a scary scenario considering a local server could be accessed as soon as a website is loaded on a computer.

Why 0.0.0.0?

The use of 0.0.0.0 is very common in local network communication. In simplest terms, the IP address 0.0.0.0 is being used to allow all network communications within the same server. Think of it as a way of allowing everyone to talk instead of specifying which IP address is allowed to talk.

This is extremely useful to large businesses since specifying an IP address could just require additional manpower and setup within the network. Unfortunately, this also means vulnerability as demonstrated by the latest security report.

Who is Affected with 0.0.0.0 Day Vulnerability?

According to the research report, MacOS and Linux computers running with Chromium, Firefox, Safari browsers are vulnerable to this type of attack. Windows users are not affected by this vulnerability.

While many people use Windows as their main OS, the number of MacOS and Linux users remains significant, leaving a substantial number of people vulnerable. The following is the breakdown of desktop OS used worldwide as of March 2024 according to StatCounter:

Windows - 72.47%

OS X - 14.68%

Unknown - 6.52%

Linux - 4.05%

Chrome OS - 2.27%

It should be noted that the “Unknown” Operating Systems could also be another flavor of Linux which means they could still be vulnerable to this type of attack. Millions of users on a daily basis are potential victims to this type of vulnerability.

Preventing the Attacks

While vulnerabilities exist, there are solutions in place that could prevent this type of attack in the future. Increased protection and limitation of access should be implemented primarily on local applications since this is the focus of the attacks.

One of the highly recommended practices to prevent local application access is to use PNA Headers. According to Chrome’s Developer Blog, “Chrome is deprecating direct access to private network endpoints from public websites as part of the Private Network Access (PNA) specification.”

It should also help when the local application implemented within the network uses HTTPS connectivity. Vulnerabilities in HTTP are inherent as websites have moved on to a much more secure HTTPS, local applications should also do the same to beef up their security.

Vulnerabilities to attacks online will always exist. It is important for network administrators to ensure their local network is protected from outside attacks as much as possible. Proactive measures ensure quick attention to any security problems and should ensure minimal to no damage to local users.