After macOS gets exploited, Apple plans to fix these issues by blocking the website causing threats. Reportedly, macOS has been facing issues from an exploit that took place 18 years ago.
According to 9to5Mac, hackers target search engines such as Chrome, Firefox and Safari. Through the search engines they secretly drain data of users.
macOS faces exploitation
So, how does the exploit take place? Hackers handle queries to a 0.0.0.0 IP address by redirecting those queries to other IP addresses. Then most of these requests are redirected to “localhost,” which is often used as a local internal server for testing in-development code. In this way, hackers collect files and other private data from company servers.
Furthermore, Avi Lumelsky, who is a researcher, explained that “Developer code and internal messaging are good examples of some of the info that can be accessed right away,”
As reported by researchers from Oligo, which is an Israeli cybersecurity startup, some hackers even manage to run rogue code on servers hosting the Ray AI framework. Notably, these kinds of attacks are only possible on macOS and Linux. Ray AI framework is used to train artificial intelligence models by companies like Amazon and Intel.
Note that Microsoft is expected to not have to face such issues. This is because they have chosen to block 0.0.0.0 on Windows.
The safety nets
Apple explained to Forbes that it will block all attempts by websites to access 0.0.0.0 with macOS Sequoia beta. However, it’s not clear whether the patch is already there in the latest beta or whether it will come with a future update. Further, Google’s security team explained that it plans to do the same with a future Chrome update.
As for Firefox, Mozilla is yet to come up with a solution. A spokesperson for the company says they have concerns about imposing such restrictions as they could lead to “compatibility problems.” In addition to this Oligo researchers said that more details about their findings will be shared at the DEF CON conference in Las Vegas.
A few days ago the Government’s statutory agency for cybersecurity, Indian Computer Emergency Response Team (CERT-In), issued a critical warning to Apple users. The warning highlighted many vulnerabilities in various Apple products. This includes iPhones, iPads, Macs, and others. These vulnerabilities were found to initiate security bypasses, sensitive information leaks, arbitrary code execution, spoofing attacks and denial of service (DoS) attacks.
Follow FE Tech Bytes on Twitter, Instagram, LinkedIn, Facebook
