1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Meta Llama LLM security flaw could let hackers easily breach syst

    From TechnologyDaily@1337:1/100 to All on Mon Jan 27 16:15:07 2025
    Meta Llama LLM security flaw could let hackers easily breach systems and spread malware

    Date:
    Mon, 27 Jan 2025 16:08:00 +0000

    Description:
    Meta's LLM could be exploited to run remote code execution, experts warn.

    FULL STORY ======================================================================Security
    researchers find way to abuse Meta's Llama LLM for remote code execution
    Meta addressed the problem in early October 2024 The problem was using pickle as a serialization format for socket communication

    Meta's Llama Large Language Model ( LLM ) had a vulnerability which could
    have allowed threat actors to execute arbitrary code on the flawed server, experts have warned.

    Cybersecurity researchers from Oligo Security published an in-depth analysis about a bug tracked as CVE-2024-50050, which according to the National Vulnerability Database ( NVD ), carries a severity score of 6.3 (medium).

    The bug was discovered in a component called Llama Stack, designed to
    optimize the deployment, scaling, and integration of large language models. Meta issues a fix

    Oligo described the affected version as vulnerable to deserialization of untrusted data, meaning that an attacker can execute arbitrary code by
    sending malicious data that is deserialized."

    NVD describes the flaw like this: Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization
    format for socket communication, potentially allowing for remote code execution.

    Socket communication has been changed to use JSON instead, it added.

    The researchers tipped Meta off about the bug on September 24, and the
    company addressed it on October 10, by pushing versions 0.0.41. The Hacker News notes the flaw has also been remediated in pyzmq, a Python library that provides access to the ZeroMQ messaging library.

    Together with the patch, Meta released a security advisory in which it told the community it had fixed a remote code execution risk associated with using pickle as a serialization format for socket communication. The solution was
    to switch to the JSON format.

    LLaMA, or Large Language Model Meta AI is a series of large language models developed by social media giant, Meta. These models are designed for natural language processing (NLP) tasks, such as text generation, summarization, translation, and more. More from TechRadar Pro Meta is letting the US
    military use its Llama AI model for national security applications Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/meta-llama-llm-security-flaw-could-let- hackers-easily-breach-systems-and-spread-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)