Meta Llama LLM security flaw could let hackers easily breach systems and spread malware

News
By
published

Researchers found a way to abuse Meta's Llama LLM

A person holding out their hand with a digital AI symbol.
(Image credit: Shutterstock / LookerStudio)
  • Security researchers find way to abuse Meta's Llama LLM for remote code execution
  • Meta addressed the problem in early October 2024
  • The problem was using pickle as a serialization format for socket communication

Meta's Llama Large Language Model (LLM) had a vulnerability which could have allowed threat actors to execute arbitrary code on the flawed server, experts have warned.

Cybersecurity researchers from Oligo Security published an in-depth analysis about a bug tracked as CVE-2024-50050, which according to the National Vulnerability Database (NVD), carries a severity score of 6.3 (medium).

The bug was discovered in a component called Llama Stack, designed to optimize the deployment, scaling, and integration of large language models.

Meta issues a fix

Oligo described the affected version as “vulnerable to deserialization of untrusted data, meaning that an attacker can execute arbitrary code by sending malicious data that is deserialized."

NVD describes the flaw like this: “Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution”.

“Socket communication has been changed to use JSON instead,” it added.

The researchers tipped Meta off about the bug on September 24, and the company addressed it on October 10, by pushing versions 0.0.41. The Hacker News notes the flaw has also been remediated in pyzmq, a Python library that provides access to the ZeroMQ messaging library.

Together with the patch, Meta released a security advisory in which it told the community it had fixed a remote code execution risk associated with using pickle as a serialization format for socket communication. The solution was to switch to the JSON format.

LLaMA, or Large Language Model Meta AI is a series of large language models developed by social media giant, Meta. These models are designed for natural language processing (NLP) tasks, such as text generation, summarization, translation, and more.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.