macOS Sequoia to Fix Exploit That Lets Hackers Access Internal Networks
2024-08-08
Posted by 3uTools


 

Apple and other tech companies are constantly looking for ways to improve the security of their operating systems. Even so, some things go unnoticed. An exploit from 18 years ago is still being actively used by hackers to access internal networks, but Apple has already confirmed that it will fix this with macOS Sequoia.

 

Exploit in macOS makes it easy for hackers to access private networks

 

Oligo security researchers have detailed how the exploit works. Essentially, hackers take advantage of the way web browsers like Safari, Chrome, and Firefox handle requests to the 0.0.0.0 IP address: those requests are redirected to other IP addresses.

 

In some cases, these requests are redirected to “localhost,” which is often used as a local internal server for testing in-development code. In this way, hackers are able to collect files and other private data from company servers. “Developer code and internal messaging are good examples of some of the info that can be accessed right away,” said researcher Avi Lumelsky.

 

According to the researchers, some hackers even manage to run rogue code on servers hosting the Ray AI framework used to train artificial intelligence models by companies like Amazon and Intel. Interestingly, such attacks are only possible on macOS and Linux, as Microsoft has chosen to block 0.0.0.0 on Windows.
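
For a service that listens on localhost, one defence against the requests described above is to check the Host and Origin headers before serving anything. The following is an added example, not code from Oligo, Apple or the original article; port 8000, the two allowlists and the function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy for a hypothetical local dev service on port 8000.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}
ALLOWED_ORIGINS = {"http://localhost:8000", "http://127.0.0.1:8000"}


def host_name(host_header):
    """Return the lower-cased host part of a Host header, or None if malformed."""
    value = host_header.strip()
    if not value or any(c in value for c in "/@?#\\ "):
        return None
    try:
        # urlsplit copes with "name:port" and bracketed IPv6 "[::1]:port".
        return urlsplit("//" + value).hostname
    except ValueError:
        return None


def vet_request(headers):
    """Return (allowed, reason) for a dict of lower-cased request headers."""
    name = host_name(headers.get("host", ""))
    if not name:
        return False, "missing or malformed Host"
    try:
        if ipaddress.ip_address(name).is_unspecified:  # 0.0.0.0 or ::
            return False, "Host is the unspecified address"
    except ValueError:
        pass  # not an IP literal; the allowlist below decides
    if name not in ALLOWED_HOSTS:
        return False, "Host not in allowlist"
    # Browsers attach Origin to cross-origin POST and CORS requests.
    origin = headers.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, "cross-origin request"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        {"host": "localhost:8000"},
        {"host": "0.0.0.0:8000", "origin": "https://attacker.example"},
        {"host": "127.0.0.1:8000", "origin": "https://attacker.example"},
    ]
    for h in samples:
        print(h, "->", vet_request(h))
```

The allowlist alone would already reject 0.0.0.0; the separate check exists so that such requests get their own reason string and can be counted in logs.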

 

Apple is working on a fix

 

Following the repercussions, Apple told Forbes that it will block all attempts by websites to access 0.0.0.0 with macOS Sequoia beta. It’s unclear whether the patch is already there in the latest beta or whether it will come with a future update. Google’s security team has said it plans to do the same with a future Chrome update.

 

As for Firefox, Mozilla is yet to come up with a solution. A spokesperson for the company says they have concerns about imposing such restrictions as they could lead to “compatibility problems.”

 

Oligo researchers will share more details about their findings this weekend at the DEF CON conference in Las Vegas.

 

Source: 9to5mac
