Security researchers have discovered a vulnerability in Meta’s Llama Large Language Model (LLM) that could have been exploited by threat actors to execute arbitrary code on affected servers. The bug, known as CVE-2024-50050, was found in the Llama Stack component of the model, which is used for optimizing large language models. The flaw, which had a severity score of 6.3, was related to the use of pickle as a serialization format for socket communication.
After being alerted by cybersecurity experts from Oligo Security, Meta addressed the issue by switching to JSON for socket communication in version 0.0.41 released on October 10, 2024. The company also issued a security advisory explaining the remote code execution risk associated with using pickle and advising users to update to the patched version. LLaMA, a series of language models developed by Meta, is utilized for various natural language processing tasks.
In related news, Meta has allowed the US military to use its Llama AI model for ‘national security applications’. For more tech updates, visit TechRadar Pro for information on the best firewalls and endpoint security tools available currently.