lang icon En
  • News
  • >
  • Cillad Amni oo weyn ayaa laga helay qaab-dhismeedka Llama LLM ee Meta.
Jan. 26, 2025, 9:54 a.m.
2958

Cillad Amni oo weyn ayaa laga helay qaab-dhismeedka Llama LLM ee Meta.

Brief news summary

Cillad amni ah oo weyn, oo loo yaqaan CVE-2024-50050, ayaa laga helay qaab dhismeedka luuqadda weyn ee Llama ee Meta. Vulnerability-kan, oo lagu qiimeeyay 6.3 miiska CVSS oo lagu qiimeeyay 9.3 Snyk, wuxuu ka imanayaa deserialization-ka xog aan la aaminin, taas oo u oggolaaneysa weeraryahannada inay fuliyaan koodh aan xadidnayn oo ku saabsan server-ka Llama ee inference-ka iyagoo adeegsanaya xogaha khatarta ah. Arrintani waxay ka timid maaraynta aan ammaan ahayn ee qaabka pickle ee Python Inference API, kuwaas oo u heli kara iyada oo loo marayo sockets-ka ZeroMQ. Si looga jawaabo arrintan, Meta ayaa soo saartay nooca 0.0.41 10-kii Oktoobar, iyadoo hirgelisay qaab JSON oo ammaan badan oo lagu gudbiyo xogta. Dhacdadani waxay xasuusinaysaa dhibaato la mid ah oo ka dhacday ChatGPT ee OpenAI, taas oo si aan ku filnayn u maareysay codsiyada HTTP POST, taasoo kor u qaaday halista weerarada DDoS. Khubaro ayaa ka digaya in qaabdhismeedyada AI ay badanaa ka kooban yihiin cillado sababo la xiriira dhaqamada koodhinta aan ammaan ahayn, taas oo kordhineysa suurtagalnimada in loo isticmaalo weerarada internetka. Si loo xaliyo caqabadaha amniga, aalado cusub sida ShadowGenes ayaa la sameynayaa si ay u caawiyaan hay'adaha raadinta taariikhda moodallada iyo in la xoojiyo tallaabooyinka amniga AI.

Furitaanka amni darro culus ayaa lagu soo bandhigay qaab-dhismeedka Llama ee Meta, kaasoo suurtagal ka dhigi kara in weeraryahannadu si xor ah koodh uga fulin karaan server-ka inference ee llama-stack. Khaladkan oo loo yaqaan CVE-2024-50050, wuxuu helay dhibco CVSS ah 6. 3 oo ka timid Meta, halka shirkadda ammaanka silsiladda Snyk ay u aragto mid halis ah oo leh dhibco 9. 3. Sida uu sheegay Avi Lumelsky, cilmi-baare ka socda Oligo Security, noocyada ay khuseyso Llama Meta waa kuwo u nugul sidii loo deserialized gareyn lahaa xog aan la aaminin, taasoo u oggolaaneysa weeraryahanada inay diran xog waxyeelo leh oo la deserialized gareyn karto si loo fuliya koodh xaaraani ah. Amni darradan waxay la xiriirtaa fulinta koodh fog oo ku jira API-ga Python Inference, kaasoo si otomatig ah u deserialized gareeya walxaha Python iyada oo la adeegsanayo maktabadda pickle—taas oo loo arko mid khatar ah marka la ilaalinayo xog aan la aaminin. Weeraryahanadu waxay ka faa'iidaysan karaan qaladkan haddii ZeroMQ socket, oo loo isticmaalo horumarinta barnaamijyada AI ee qaababka Llama Meta, lagu muujiyo shabakadda. Iyadoo la dirayo walxo waxyeelo leh oo si habboon loo soo saaray, weeraryahan wuxuu gaari karaa fulinta koodhka mashiinka martida ah iyada oo loo marayo howlgalka unpickle. Kadib markii si mas'uuliyad leh loo shaaciyey 24-ka Sebtembar 2024, Meta waxay sixday arrintan 10-ka Oktoobar iyada oo u cusbooneysiisay nooca 0. 0. 41 iyo ka beddelidda pickle oo loo adeegsaday JSON is-dhaafsiga socket.

Tani maahan amni darro deserialization oo kaliya oo la diiwaangeliyey barnaamijyada AI; tusaale ahaan, arrin la mid ah ayaa laga helay qaab-dhismeedka Keras ee TensorFlow. Bayaanka ku saabsan amni darradan ayaa waxa uu la jaanqaaday warbixin kale oo ku saabsan qalad kale oo ku jira taranka OpenAI ee ChatGPT, kaasoo suurtagal ka dhigi kara in la fuliya weerarro DDoS ah sababo la xiriira maareyn xumo oo ku saabsan codsiyada HTTP POST. Khasaarahaani wuxuu u oggolaanayaa weeraryahanada inay diran isku xiraalado badan hal codsi gudahood, iyagoo si xad dhaaf ah u buuxiya goobta la beegsanayo oo leh xiriiryo badan. Intaas waxaa sii dheer, warbixin ka timid Truffle Security ayaa iftiimisay in qaar ka mid ah caawiyeyaasha koodhka AI ay si aan ula socon ay u soo jeedin karaan dhaqan aan amni ahayn, sida xafidan API keys, taasoo halis galinaysa ammaanka mashaariicda isticmaalaasha. Joe Leon, cilmi-baare amni, ayaa xusay in xogta tababarka ee LLM-yada ay ku jiraan dhaqanno koodh aan amni ahayn oo badan, taasoon sii wadaysa амни darrada. Intaa waxaa dheer, cilmi-baaristu waxay muujineysaa in LLM-yadu lagu isticmaali karo heerar kala duwan oo weerarrada cyber, taasoo ka dhigaysa khataraha kuwo waxtar leh oo sax ah. Cilmi-baaris ku saabsan farsamooyinka aqoonsiga moodalka AI, sida ShadowGenes, ayaa muujinaya habab cusub oo lagu raadinayo dhaxalka moodalka iyada oo la adeegsanayo falanqaynta shabakadda xisaabeed. HiddenLayer ayaa adkeysay in fahamka qoysaska moodalka AI ee hay'aduhu kor u qaadayo awoodaha maareynta ammaanka.


Watch video about

Cillad Amni oo weyn ayaa laga helay qaab-dhismeedka Llama LLM ee Meta.

Try our premium solution and start getting clients — at no cost to you

I'm your Content Creator.
Let’s make a post or video and publish it on any social media — ready?

Language

Content Maker

Our unique Content Maker allows you to create an SEO article, social media posts, and a video based on the information presented in the article

news image

Last news

Sidee AI uga Dhigayaan Istaraatiijiyadaha SEO ee Warshado Kala Duwan: Daraasad Kiis ah

Dec. 24, 2025, 1:29 p.m.

Sidee Fiidiyowyada AI-yeed Lagu Sameeyay U Bedelayaan Istaraatiijiyadaha Suuqgeynta Shaqsiyaysan

Dec. 24, 2025, 1:20 p.m.

50+ Xogta Muhiimka ah ee Suuqgeynta AI ee 2024: Isbeddellada, Qaatitaanka, iyo Saameynta Mustaqbalka

Dec. 24, 2025, 1:18 p.m.

The Best for your Business

Hot news

Dec. 24, 2025, 1:29 p.m.

Daraasad Kiis: Sheekooyinka Guusha SEO ee Ku Sala…

Daraasaddan waxay baartaa saameynta beddelaysa ee sirdoonka artificial (AI) ku leeyahay istiraatijiyadaha kor u qaadista matoorada raadinta (SEO) ee ku saabsan noocyo kala duwan oo ganacsi ah.

Dec. 24, 2025, 1:20 p.m.

Muuqaalo AI-ah oo la sameeyay ayaa helaya caanimo…

Galmada Sirdoonka Artificial (AI) ayaa si xawli ah u beddelaysa suuqgeynta, gaar ahaan iyada oo loo marayo fiidiyowyo AI-soo-saaray ah oo u oggolaanaya astaamaha inay si qoto dheer ula xiriiraan dhagaystayaashooda iyada oo loo marayo waxyaabo si gaar ah u habaysan.

Dec. 24, 2025, 1:18 p.m.

Tirooyinka Suuqgeynta AI ee Sareysa ee 2024 oo ah…

Sirdoonka Artificial (AI) ayaa si qoto dheer u saamaynaysa warshado badan, gaar ahaan suuqgeynta.

Dec. 24, 2025, 1:16 p.m.

SEO caan ah oo sharaxaya sababta ay wakiilada AI …

Waxaan si dhow u daawanayaa korriinka SEO ee ku saleysan wakiilada (agentic SEO), anigoo kalsoon inay marka awoodaha AI horumarayaan sanadaha soo socda, wakiiladu si qoto dheer u beddeli doonaan warshadaha.

Dec. 24, 2025, 1:16 p.m.

HTC waxay ku xifdishay istiraatiijiyaddeeda AI-da…

HTC oo salka ku haysa Taiwan waxay ku tiirsan tahay habka madal furan si ay u hesho saamiga suuqa ee qaybta muraayadaha casriga ah ee si xawli ah ku fidaysa, maaddaama muraayadaha indhaha ee AI-ga ku salaysan ee cusub ay usii oggolaanayaan isticmaaleyaasha inay doortaan nooca AI ee ay rabaan in ay isticmaalayaan, sida uu sheegay masuul kamid ah.

Dec. 24, 2025, 1:14 p.m.

Saadaal: Saddexda Qiimeyn ee Sirdoonka Artificial…

Sahamka garaafka sirdoonka artificial (AI) ayaa sii watey inay si xooggan u wanaagsanaadaan sanadkii 2025, iyagoo ka faa'iideystay horumarka ka dhacay 2024.

Dec. 24, 2025, 9:26 a.m.

AI ee Falanqaynta Muuqaalka: Furitaanka Aragtiyo …

Sanadihii ugu dambeeyay, warshado badan ayaa qaadatay falanqaynta muuqaalka ee ku saleysan garaacista sirta ah ee sirdoonka artificial-ka ah sida hab awood leh oo lagu soo saaro aragtiyo qiimo leh oo ka soo baxa xog aragtiyeed ballaaran.

All news

AI Company

Launch your AI-powered team to automate Marketing, Sales & Growth

and get clients on autopilot — from social media and search engines. No ads needed

Begin getting your first leads today

close icon

Your News is ready

Your article is ready

Lorem ipsum dolor sit amet consectetur adipisicing elit. Fuga dolor minus maiores. Aut vero expedita dicta, dolorem odit excepturi odio doloremque voluptatem repellat aliquam? Dolores nemo eum id pariatur! Nobis!

close icon
close icon
close icon
close icon

Join our community of experts

Create your own avatar to work for you — completely free of charge!

or register using your or register using your email:

Check your email for a verification link

Please fill out the checkbox

close icon

Welcome to Neuron Expert!

Your AI platform to build a company that generates clients on autopilot.

  • Create digital employees that work 24/7
  • Attract clients from social media & search engines
  • Automate SEO, SMM, and sales
  • Connect with a global network of experts
close icon

Check your email

We've sent a confirmation email to

Please check your inbox and click the link to complete your registration

Didn’t receive it? Check your Spam or Promotions folder

close icon

Launch Your AI-Powered Business

and get clients without any advertising investment!

AI finds clients, negotiates, and closes deals on its own.

Start your free trial today!
fully automated mode
SMM
SEO
Email-MArketing

AI Marketing Across All Social Media

Let AI take control and automatically generate leads for you!!

Create and publish viral social media content on autopilot

SALES
CUSTOMER RETENTION
AUTOMATION

AI Sales Manager + CRM

A revolutionary solution for sales automation based on artificial intelligence

AI sales managers work 24/7, with no need for sleep, food, or breaks, and speak all languages.

close icon
close icon

Support

close icon
close icon

Content Maker

Learn how to craft press releases, create unique social media posts, write SEO-optimized articles for websites, and produce videos, all from a single source

Publish created content in one click to all networks from one place

close icon

You have unsubscribed from the mailing list recklessly but successfully.

We are not saying goodbye and look forward to seeing you again.