Meta Llama LLM security flaw could let hackers easily breach systems and spread malware

Security researchers find way to abuse Meta’s Llama LLM for remote code execution
Meta addressed the problem in early October 2024
The problem was using pickle as a serialization format for socket communication

Meta’s Llama Large Language Model (LLM) had a vulnerability which could have allowed threat actors to execute arbitrary code on the flawed server, experts have warned.

Cybersecurity researchers from Oligo Security published an in-depth analysis about a bug tracked as CVE-2024-50050, which according to the National Vulnerability Database (NVD), carries a severity score of 6.3 (medium).

The bug was discovered in a component called Llama Stack, designed to optimize the deployment, scaling, and integration of large language models.

Oligo described the affected version as “vulnerable to deserialization of untrusted data, meaning that an attacker can execute arbitrary code by sending malicious data that is deserialized.”

NVD describes the flaw like this: “Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution”.

“Socket communication has been changed to use JSON instead,” it added.

The researchers tipped Meta off about the bug on September 24, and the company addressed it on October 10, by pushing versions 0.0.41. The Hacker News notes the flaw has also been remediated in pyzmq, a Python library that provides access to the ZeroMQ messaging library.

Together with the patch, Meta released a security advisory in which it told the community it had fixed a remote code execution risk associated with using pickle as a serialization format for socket communication. The solution was to switch to the JSON format.

LLaMA, or Large Language Model Meta AI is a series of large language models developed by social media giant, Meta. These models are designed for natural language processing (NLP) tasks, such as text generation, summarization, translation, and more.

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/3Ek42Bm7W4No2qAL4PKvCU-1200-80.jpg

Source link

‘Eternal’ 5D memory crystal capable of storing 360 TB of data for billions of years now holds a full human genome

Prime Target stars Leo Woodall and Quintessa Swindell on which movies inspired the new Apple TV Plus show, memorizing math formulas and where it...

How to watch Aston Villa vs Celtic live stream online

NYT Strands today — my hints, answers and spangram for Wednesday, January 29 (game #332)

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Meta Llama LLM security flaw could let hackers easily breach systems and spread malware

‘Eternal’ 5D memory crystal capable of storing 360 TB of data for billions of years now holds a full human genome

Prime Target stars Leo Woodall and Quintessa Swindell on which movies inspired the new Apple TV Plus show, memorizing math formulas and where it...

How to watch Aston Villa vs Celtic live stream online

NYT Strands today — my hints, answers and spangram for Wednesday, January 29 (game #332)

Leave a reply Cancel reply