A problem has been found in the way major browsers such as Chrome, Firefox, and Safari handle the IP address "0.0.0.0", and it has become clear that an attacker who abuses it can access the local environment of the target. Oligo Security, the security company that discovered the problem, has named the vulnerability "0.0.0.0 Day" and is calling attention to it.

0.0.0.0 Day: Exploiting Localhost APIs From the Browser | Oligo Security

https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser



According to Oligo Security, major browsers have adopted the behavior of "redirecting access to '0.0.0.0' to 'localhost (127.0.0.1)'". Abusing this behavior makes it possible to carry out an attack in which "a website or email containing malicious code is created, and the local environment of a target who accesses it is intruded upon".

By combining "ShadowRay", a vulnerability in the AI processing framework "Ray", with the newly discovered "0.0.0.0 Day", Oligo Security succeeded in intruding into the local environment of a target running Ray and launching a shell for the attack.



"0.0.0.0 Day" affects major browsers such as Chrome, Firefox, and Safari running on macOS and Linux. Windows blocks access to "0.0.0.0" at the OS level, so it is not affected by "0.0.0.0 Day".

Oligo Security has already reported the existence of "0.0.0.0 Day" to the developers of the major browsers. Google has already decided to complete its response by Chrome 133, and Apple has also introduced a change to WebKit that blocks "0.0.0.0".

Firefox, on the other hand, has not yet decided on a response to "0.0.0.0 Day". Regarding the reason its response is delayed, Mozilla explains that "there are users who use '0.0.0.0' to access localhost, and blocking '0.0.0.0' may make it impossible for them to access their servers".
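
The blocking described above depends on treating "0.0.0.0" as a local destination alongside localhost and 127.0.0.1. The JavaScript below is an added example, not code from Oligo Security or from any browser: the function names and sample URLs are constructed for illustration, and it goes slightly beyond the article by also covering the IPv6 unspecified address `::`. It contrasts a check that only knows the usual loopback spellings with one that also classifies the unspecified address as local.

```javascript
// Added example (not any browser's source). All names here are hypothetical.

// Classify where a URL points: "unspecified" (0.0.0.0 / ::), "loopback", "other".
function classifyDestination(rawUrl) {
  let host;
  try {
    // The WHATWG URL parser canonicalises IPv4 shorthand: "http://0/" -> "0.0.0.0".
    host = new URL(rawUrl).hostname.toLowerCase();
  } catch {
    return "invalid"; // unparsable URLs are left to the caller
  }
  if (host.startsWith("[")) host = host.slice(1, -1); // strip IPv6 brackets
  if (host === "localhost" || host.endsWith(".localhost")) return "loopback";

  const v4 = host.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (v4) {
    const octets = v4.slice(1).map(Number);
    if (octets.every((o) => o === 0)) return "unspecified"; // 0.0.0.0
    return octets[0] === 127 ? "loopback" : "other";        // 127.0.0.0/8
  }
  if (host === "::") return "unspecified";
  if (host === "::1") return "loopback";
  // IPv4-mapped IPv6 is serialised in hex, e.g. ::ffff:0:0 or ::ffff:7f00:1.
  const mapped = host.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (mapped) {
    const hi = parseInt(mapped[1], 16);
    const lo = parseInt(mapped[2], 16);
    if (hi === 0 && lo === 0) return "unspecified";
    if (hi >> 8 === 127) return "loopback";
  }
  return "other";
}

// Weak check: knows only the usual loopback spellings, so 0.0.0.0 passes.
function naiveIsLocal(rawUrl) {
  const host = new URL(rawUrl).hostname;
  return host === "localhost" || host === "127.0.0.1";
}

// Corrected check: the unspecified address counts as local too.
function isLocal(rawUrl) {
  const kind = classifyDestination(rawUrl);
  return kind === "unspecified" || kind === "loopback";
}

// Block a request when a non-local page targets a local destination.
function shouldBlock(pageUrl, requestUrl) {
  return !isLocal(pageUrl) && isLocal(requestUrl);
}
```

Requests from a page that is itself served locally are allowed through, which preserves the developer use case Mozilla cites only when the page and the server are both on the local machine.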