Apple and other tech companies are constantly looking for ways to improve the security of their operating systems. Even so, some things go unnoticed. An exploit from 18 years ago is still being actively used by hackers to access internal networks, but Apple has already confirmed that it will fix this with macOS Sequoia.
Exploit in macOS makes it easy for hackers to access private networks
Oligo security researchers have detailed how the exploit works. Essentially, hackers take advantage of the way web browsers like Safari, Chrome, and Firefox handle queries to a 0.0.0.0 IP address by redirecting those queries to other IP addresses.
In some cases, these requests are redirected to “localhost,” which is often used as a local internal server for testing in-development code. In this way, hackers are able to collect files and other private data from company servers. “Developer code and internal messaging are good examples of some of the info that can be accessed right away,” said researcher Avi Lumelsky.
According to the researchers, some hackers even manage to run rogue code on servers hosting the Ray AI framework used to train artificial intelligence models by companies like Amazon and Intel. Interestingly, such attacks are only possible on macOS and Linux, as Microsoft has chosen to block 0.0.0.0 on Windows.
Apple is working on a fix
Following the repercussions, Apple told Forbes that it will block all attempts by websites to access 0.0.0.0 with macOS Sequoia beta. It’s unclear whether the patch is already there in the latest beta or whether it will come with a future update. Google’s security team has said it plans to do the same with a future Chrome update.
As for Firefox, Mozilla is yet to come up with a solution. A spokesperson for the company says they have concerns about imposing such restrictions as they could lead to “compatibility problems.”
Oligo researchers will share more details about their findings this weekend at the DEF CON conference in Las Vegas.
Source: 9to5mac