Amazon Web Services Warns of TorchServe Flaws

Open-Source Tool Used by Global Enterprises Working With AI
A clutch of vulnerabilities in an open-source tool used by major corporations to scale up machine learning models could lead to remote takeover, said a cybersecurity firm in a warning downplayed by Meta, which co-manages the open-source project.
Israeli security firm Oligo in a Tuesday blog post called a trio of TorchServe vulnerabilities, including one it discovered, "ShellTorch."
TorchServe is an optional tool in the PyTorch library, "one of the world's most-used machine learning frameworks," as Oligo describes it. "PyTorch presents an attractive target to attackers who want to breach AI-based systems," it said in the blog post.
The vulnerability it discovered, tracked as CVE-2023-43654, allows an attacker to upload a malicious model to the server, the company said. Combined with a common misconfiguration that leaves the TorchServe management interface reachable from the internet and a previously known flaw from 2022 in which the server rebuilds a Java object from attacker-supplied data and runs attacker-chosen code in the process (an unsafe deserialization bug), hackers can "remotely run code with high privileges without any authentication," Oligo said.
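Two of the three links in that chain are settings an operator can check for. The script below is an added example, not Oligo's research code or the TorchServe project's own tooling: it audits a TorchServe `config.properties` for a management API bound to a non-loopback address and for a model-URL allowlist that accepts any host. It assumes the real TorchServe keys `management_address` and `allowed_urls` (a comma-separated list of regexes a model URL must match, which TorchServe treats as "any URL" when unset); the sample config text is constructed for illustration, and the `.properties` parser is deliberately minimal (no Java escape handling).

```python
"""Audit a TorchServe config.properties for the settings behind ShellTorch.

Added example, not code from Oligo or the TorchServe project. Assumes the
TorchServe keys `management_address` (bind URL of the management API) and
`allowed_urls` (regexes a model URL must match; unset means any URL).
Sample configs below are constructed for illustration.
"""
import re
from urllib.parse import urlparse

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
# Assumed TorchServe behaviour: an unset allowlist accepts any file:// or http(s):// URL.
DEFAULT_ALLOWED_URLS = "file://.*|http(s)?://.*"
# A URL an attacker would supply; the allowlist must reject it.
PROBE_URL = "http://attacker.example/evil.mar"

# Constructed sample configs (not from any real deployment).
WEAK_CONFIG = """
# management API listening on all interfaces, no allowlist set
inference_address=http://0.0.0.0:8080
management_address=http://0.0.0.0:8081
"""

HARDENED_CONFIG = """
management_address=http://127.0.0.1:8081
allowed_urls=https://models.internal.example/.*
"""


def parse_properties(text):
    """Minimal Java-style .properties parser: key=value or key:value, # and ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        sep = "=" if "=" in line else (":" if ":" in line else None)
        if sep is None:
            props[line] = ""
            continue
        key, _, value = line.partition(sep)
        props[key.strip()] = value.strip()
    return props


def pattern_accepts_any_host(pattern):
    """True if the allowlist regex would admit the attacker-style probe URL."""
    try:
        return re.fullmatch(pattern, PROBE_URL) is not None
    except re.error:
        # An unparseable pattern cannot be relied on; treat it as a finding.
        return True


def audit_torchserve_config(text):
    """Return a list of human-readable findings; empty list means both checks pass."""
    props = parse_properties(text)
    findings = []

    mgmt = props.get("management_address", "http://127.0.0.1:8081")
    host = urlparse(mgmt).hostname or ""
    if host not in LOOPBACK_HOSTS:
        findings.append(
            f"management_address={mgmt}: management API reachable beyond localhost"
        )

    allowed = props.get("allowed_urls", "").strip() or DEFAULT_ALLOWED_URLS
    patterns = [p.strip() for p in allowed.split(",") if p.strip()]
    if any(pattern_accepts_any_host(p) for p in patterns):
        findings.append(
            f"allowed_urls={allowed}: models may be fetched from an attacker-chosen host"
        )
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{name}]")
        for finding in audit_torchserve_config(cfg) or ["no findings"]:
            print("  -", finding)
```

Binding the management API to loopback and restricting `allowed_urls` to the registry the deployment actually uses removes the exposure and the remote model fetch from the chain; the deserialization fix itself still requires upgrading TorchServe to a patched release.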
A Meta spokesperson told Information Security Media Group that the new vulnerability isn't a problem for users who updated TorchServe weeks ago. "The issues in TorchServe - an optional tool for PyTorch - were patched in August rendering the exploit chain described in this blog post moot," the spokesperson said.
Neither AWS nor Oligo has reported active exploitation of ShellTorch.