
macOS Sequoia to fix exploit that lets hackers access internal networks

Apple and other tech companies are constantly looking for ways to improve the security of their operating systems. Even so, some things go unnoticed. An exploit from 18 years ago is still being actively used by hackers to access internal networks, but Apple has already confirmed that it will fix this with macOS Sequoia.

Exploit in macOS makes it easy for hackers to access private networks

Oligo security researchers have detailed how the exploit works. Essentially, hackers take advantage of the way web browsers like Safari, Chrome, and Firefox handle queries to the 0.0.0.0 IP address, redirecting those queries to other IP addresses.

In some cases, these requests are redirected to “localhost,” which is often used as a local internal server for testing in-development code. In this way, hackers are able to collect files and other private data from company servers. “Developer code and internal messaging are good examples of some of the info that can be accessed right away,” said researcher Avi Lumelsky.

According to the researchers, some hackers even manage to run rogue code on servers hosting the Ray AI framework used to train artificial intelligence models by companies like Amazon and Intel. Interestingly, such attacks are only possible on macOS and Linux, as Microsoft has chosen to block 0.0.0.0 on Windows.
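As an added example (not from the article or from Oligo's research), the following JavaScript flags requests to 0.0.0.0 in a list of initiator/target pairs, such as a proxy log export. The entry shape, the sample data and the choice to ignore pages served from local addresses are assumptions of this example.

```javascript
// Added example: flag web requests whose target is 0.0.0.0 in any spelling.

// Initiator hosts treated as local development (an assumption of this example).
const LOCAL_INITIATORS = new Set(["localhost", "127.0.0.1", "0.0.0.0"]);

// Returns the canonical hostname of a URL, or null if it does not parse.
// The WHATWG URL parser normalizes IPv4 shorthand, so "0", "0x0" and "0.0"
// all come back as "0.0.0.0"; a plain string compare on the raw URL misses them.
function canonicalHost(rawUrl) {
  try {
    return new URL(rawUrl).hostname;
  } catch {
    return null;
  }
}

function targetsUnspecifiedAddress(rawUrl) {
  return canonicalHost(rawUrl) === "0.0.0.0";
}

// entries: [{ initiator, target }] (hypothetical shape for a log export).
// Returns the entries where a non-local page requested 0.0.0.0.
function flagRequests(entries) {
  return entries.filter(({ initiator, target }) => {
    if (!targetsUnspecifiedAddress(target)) return false;
    const from = canonicalHost(initiator);
    // An unparseable initiator is kept for review rather than dropped.
    return from === null || !LOCAL_INITIATORS.has(from);
  });
}

// Constructed sample data, not taken from any real log.
const SAMPLE = [
  { initiator: "https://news.example/story", target: "http://0.0.0.0:8080/status" },
  { initiator: "https://news.example/story", target: "http://0:8080/status" },
  { initiator: "https://ads.example/frame", target: "http://0x0:3000/" },
  { initiator: "https://news.example/story", target: "https://cdn.example/app.js" },
  { initiator: "http://localhost:3000/", target: "http://0.0.0.0:8080/status" },
  { initiator: "https://news.example/story", target: "http://10.0.0.0/" },
  { initiator: "https://news.example/story", target: "http://0.0.0.0.example/" },
];

for (const hit of flagRequests(SAMPLE)) {
  console.log(`flag: ${hit.initiator} -> ${hit.target}`);
}
```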

Apple is working on a fix

Following the report, Apple told Forbes that it will block all attempts by websites to access 0.0.0.0 with macOS Sequoia beta. It’s unclear whether the patch is already present in the latest beta or whether it will come with a future update. Google’s security team has said it plans to do the same with a future Chrome update.

As for Firefox, Mozilla has yet to come up with a solution. A spokesperson for the company says they have concerns about imposing such restrictions, as they could lead to “compatibility problems.”

Oligo researchers will share more details about their findings this weekend at the DEF CON conference in Las Vegas.


Author

Filipe Espósito

Filipe Espósito is a Brazilian tech journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.
