Major Security Flaw Discovered in Meta's Llama LLM Framework

A serious security vulnerability has been disclosed in Meta's Llama large language model (LLM) framework, potentially enabling attackers to execute arbitrary code on the llama-stack inference server. Tracked as CVE-2024-50050, the flaw was given a CVSS score of 6.3 by Meta, while supply chain security firm Snyk rates it as critical with a score of 9.3. According to Avi Lumelsky, a researcher at Oligo Security, affected versions of Meta's Llama are susceptible to deserialization of untrusted data, allowing attackers to send malicious data that is deserialized into arbitrary code execution.

The vulnerability is a remote code execution issue in the Python Inference API, which automatically deserializes Python objects using the pickle library, a format known to permit arbitrary code execution when it processes untrusted data. The flaw is exploitable when the ZeroMQ socket used for AI application development with Meta's Llama models is exposed over the network: by sending crafted malicious objects to that socket, an attacker could achieve code execution on the host through the unpickle operation. Following responsible disclosure on September 24, 2024, Meta patched the issue on October 10 in version 0.0.41, switching socket communications from pickle to JSON.

This is not the first deserialization vulnerability reported in an AI framework; a similar issue was previously found in TensorFlow's Keras framework. The disclosure coincided with a report on another flaw, in OpenAI's ChatGPT crawler, which could facilitate distributed denial-of-service (DDoS) attacks because of poor handling of HTTP POST requests.
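As an added example (not Llama Stack's own code), the two message-decoding paths described above side by side: the unsafe pickle-based decoder and a JSON-based replacement of the kind the patch introduced, plus a static check that flags pickle payloads referencing importable names, which a defender can run on captured socket traffic without loading it. The message fields ("op", "args") and the operation allow-list are assumptions for illustration.

```python
import json
import pickle
import pickletools
import collections
from typing import Any

# Hypothetical allow-list of request types the server is willing to serve.
ALLOWED_OPS = {"completion", "chat_completion", "embeddings"}

# Pickle opcodes that resolve an importable name or call it; a data-only
# message (dicts, lists, strings, numbers) never needs any of them.
SUSPICIOUS_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "REDUCE", "BUILD", "NEWOBJ", "NEWOBJ_EX"}


def unsafe_decode(raw: bytes) -> Any:
    """The vulnerable pattern: whatever arrives on the socket is unpickled,
    so the sender decides which Python objects get reconstructed."""
    return pickle.loads(raw)


def safe_decode(raw: bytes) -> dict:
    """JSON replacement: only JSON data types can be produced, and the
    message shape is validated before anything acts on it."""
    msg = json.loads(raw.decode("utf-8"))
    if not isinstance(msg, dict):
        raise ValueError("message must be a JSON object")
    if msg.get("op") not in ALLOWED_OPS:
        raise ValueError(f"unknown op: {msg.get('op')!r}")
    if not isinstance(msg.get("args"), dict):
        raise ValueError("args must be a JSON object")
    return msg


def rejects(raw: bytes) -> bool:
    """True if safe_decode refuses the message (used to exercise the validator)."""
    try:
        safe_decode(raw)
    except (ValueError, UnicodeDecodeError):
        return True
    return False


def suspicious_opcodes(raw: bytes) -> set:
    """Statically scan a pickle stream (nothing is executed) and return the
    names of any opcodes that could import or call code."""
    return {op.name for op, _arg, _pos in pickletools.genops(raw)} & SUSPICIOUS_OPCODES


# Constructed sample messages: a valid JSON request, a pickled plain dict,
# and a pickled OrderedDict, which references collections.OrderedDict by name.
SAMPLE_JSON = b'{"op": "completion", "args": {"prompt": "hello"}}'
SAMPLE_PICKLE_DATA = pickle.dumps({"op": "completion"})
SAMPLE_PICKLE_OBJECT = pickle.dumps(collections.OrderedDict(op="completion"))
```

Scanning a pickle with `pickletools.genops` only parses opcodes, so it is safe to run against untrusted captures; a hit on `GLOBAL` or `STACK_GLOBAL` in inference traffic means the sender asked the server to import something by name.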