Ollama patches critical vulnerability in open-source AI framework
- by nlqip
The potential for mischief is extensive. Sagi Tzadik, the Wiz researcher who discovered the vulnerability, told CSO: “An attacker would be able to covertly leak private models, spy on user prompts, alter their responses, ransom the whole system, and even gain a foothold in the internal network. Once exploited, the machine is compromised.”
Authentication shortcomings create potential exposure
The lack of maturity for the class of technology makes it prudent to deploy additional security controls beyond applying Ollama’s patch, Wiz advised. Ollama setups should be isolated from the internet.
“The Ollama project is still in its early stages and does not support critical security features, like authentication,” Wiz’s Tzadik told CSO. “Even with the latest version running, attackers can obtain the AI models used on the Ollama server and even run them using the victim’s compute power.”