Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

BOFH excuse #24: network packets travelling uphill (use a carrier pigeon)

comp / comp.sys.mac.system / Re: Apple will reportedly fix an 18-year-old 0.0.0.0 vulnerability security flaw with Safari 18 update

SubjectAuthor
* Apple will reportedly fix an 18-year-old 0.0.0.0 vulnerability security flaw witEnrico Papaloma
`- Re: Apple will reportedly fix an 18-year-old 0.0.0.0 vulnerability security flawAlan Browne

1
Subject: Apple will reportedly fix an 18-year-old 0.0.0.0 vulnerability security flaw with Safari 18 update
From: Enrico Papaloma
Newsgroups: misc.phone.mobile.iphone, comp.sys.mac.system, comp.os.ipad
Organization: Gegeweb News Server
Date: Fri, 9 Aug 2024 00:33 UTC
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!news.gegeweb.eu!gegeweb.org!.POSTED.133-175-174-202.west.ap.gmo-isp.jp!not-for-mail
From: enrico@papaloma.net (Enrico Papaloma)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.os.ipad
Subject: Apple will reportedly fix an 18-year-old 0.0.0.0 vulnerability security flaw with Safari 18 update
Date: Thu, 8 Aug 2024 17:33:25 -0700
Organization: Gegeweb News Server
Message-ID: <v93o4m$12pe$1@news.gegeweb.eu>
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 9 Aug 2024 00:33:28 -0000 (UTC)
Injection-Info: news.gegeweb.eu; posting-account="adibella@usenet.local"; posting-host="133-175-174-202.west.ap.gmo-isp.jp:133.175.174.202";
logging-data="35630"; mail-complaints-to="abuse@gegeweb.eu"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.6.1?Content-Type: text/plain; charset=UTF-8; format=flowed
Cancel-Lock: sha256:LikfJjLhasLnvvHiiJJ8rFqi5dzC4vqorWMTv9DgRcE=
Content-Language: en-US
View all headers

Apple will reportedly fix the 18-year-old 0.0.0' security vulnerability
flaw with Safari 18 update
https://www.thehindu.com/sci-tech/technology/internet/apple-google-to-fix-a-decade-old-flaw-that-could-compromise-security-on-their-browsers/article68500422.ece
\

https://www.timesnownews.com/technology-science/hackers-exploited-security-vulnerability-in-safari-apple-to-release-fix-all-you-need-to-know-article-112370086

Apple will reportedly fix an 18-year-old exploit in its latest update for
the Safari browser. The fix will be available for macOS Sonoma and macOS
Ventura, a report from Forbes said.

Known as the '0.0.0' security vulnerability, the exploit can be used by
websites to send malicious requests to a browser.

These malicious requests can be used by attackers to access internal
private networks available on the victims' device, opening their
organisations network to a plethora of attack vectors.

Security researchers say the exploit can also be used by attackers to run
rogue code on servers which are used to run AI frameworks by companies like
Amazon and Intel. However, this is possible only on macOS and Linux, as
Microsoft has chosen to block 0.0.0 on Windows.

Hackers make use of the exploit by taking advantage of the way web browsers
like Safari, Chrome, and Firefox handle queries to a 0.0.0. IP address by
redirecting those queries to other IP addresses. In some cases, the
requests are redirected to a local host which is used as a local internal
server for testing pre-release code. This allows hackers to collected
information and private data from company servers.

It is unclear if Apple has already released a for the exploit in its latest
beta or if it will be added later.

Subject: Re: Apple will reportedly fix an 18-year-old 0.0.0.0 vulnerability security flaw with Safari 18 update
From: Alan Browne
Newsgroups: misc.phone.mobile.iphone, comp.sys.mac.system, comp.os.ipad
Organization: UsenetServer - www.usenetserver.com
Date: Sat, 10 Aug 2024 15:50 UTC
References: 1
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx46.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Apple will reportedly fix an 18-year-old 0.0.0.0 vulnerability
security flaw with Safari 18 update
Content-Language: en-US
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.os.ipad
References: <v93o4m$12pe$1@news.gegeweb.eu>
From: bitbucket@blackhole.com (Alan Browne)
In-Reply-To: <v93o4m$12pe$1@news.gegeweb.eu>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 12
Message-ID: <p%LtO.88247$COA2.50994@fx46.iad>
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Sat, 10 Aug 2024 15:50:45 UTC
Organization: UsenetServer - www.usenetserver.com
Date: Sat, 10 Aug 2024 11:50:45 -0400
X-Received-Bytes: 1158
View all headers

On 2024-08-08 20:33, Enrico Papaloma wrote:

> Hackers make use of the exploit by taking advantage of the way web browsers

If hackers had ever made use of this, it would have been a closed item
18 years ago.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

1

rocksolid light 0.9.8
clearnet tor