Amazon Web Services Warns of TorchServe Flaws
Open-Source Tool Used by Global Enterprises Working With AI

A clutch of vulnerabilities in an open-source tool used by major corporations to scale up machine learning models could lead to remote takeover, said a cybersecurity firm in a warning downplayed by Meta, which co-manages the open-source project.
Israeli security firm Oligo in a Tuesday blog post called a trio of TorchServe vulnerabilities, including one it discovered, "ShellTorch."
TorchServe is an optional tool in the PyTorch library, "one of the world's most-used machine learning frameworks," as Oligo describes it. "PyTorch presents an attractive target to attackers who want to breach AI-based systems," it said in the blog post.
The vulnerability it discovered, tracked as CVE-2023-43654, lets an attacker push a malicious model to the server, the company said. Chained with a common misconfiguration that leaves the TorchServe management interface reachable from the internet, and with a flaw disclosed in 2022 in a Java library the server uses that unsafely deserializes attacker-supplied data into an object able to run arbitrary code, it means hackers can "remotely run code with high privileges without any authentication," Oligo said.
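The two settings that make the chain above reachable, a management API listening on every interface and an allow-list that lets the server fetch a model from any URL, both live in TorchServe's config.properties. The following audit script is an added example written for this article, not code from Oligo, AWS or the TorchServe project. It parses a config file, flags a management_address that is not loopback, and compiles each allowed_urls regex to see whether it would accept attacker-controlled model sources. The sample configs and probe URLs are constructed for the example; the fallback defaults are taken from the TorchServe documentation as the author understands it and should be checked against the version you run. It is a configuration check to run alongside updating, not a substitute for the August patch the article describes.

```python
import re
from urllib.parse import urlparse

# Constructed sample configs for this example; they are not taken from the
# article, the Oligo write-up or the TorchServe repository.
WEAK_CONFIG = """\
inference_address=http://0.0.0.0:8080
management_address=http://0.0.0.0:8081
metrics_address=http://0.0.0.0:8082
allowed_urls=file://.*|http(s)?://.*
"""

HARDENED_CONFIG = r"""inference_address=http://0.0.0.0:8080
management_address=http://127.0.0.1:8081
metrics_address=http://127.0.0.1:8082
allowed_urls=file:///opt/models/.*,https://models\.example\.internal/.*
"""

# Constructed model sources an attacker might try to register; a hardened
# allow-list should reject all of them.
PROBE_URLS = (
    "http://attacker.example/evil.mar",
    "https://attacker.example/evil.mar",
    "file:///tmp/evil.mar",
)

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Assumed defaults, used only when the key is absent from the file. They follow
# the TorchServe documentation as understood by the author of this example;
# verify them against the release you deploy.
DEFAULT_MANAGEMENT_ADDRESS = "http://127.0.0.1:8081"
DEFAULT_ALLOWED_URLS = "file://.*|http(s)?://.*"


def parse_properties(text):
    """Parse key=value lines of a config.properties file into a dict."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def management_exposed(props):
    """True when the management API would listen on a non-loopback address."""
    address = props.get("management_address", DEFAULT_MANAGEMENT_ADDRESS)
    host = urlparse(address).hostname or ""
    return host not in LOOPBACK_HOSTS


def allowed_url_patterns(props):
    """Compile the comma-separated allowed_urls regexes."""
    raw = props.get("allowed_urls", DEFAULT_ALLOWED_URLS)
    return [re.compile(p) for p in raw.split(",") if p.strip()]


def url_permitted(props, url):
    """Would a model registration from this URL pass the allow-list?"""
    return any(p.fullmatch(url) for p in allowed_url_patterns(props))


def audit(text):
    """Return a list of findings; an empty list means neither weak setting is present."""
    props = parse_properties(text)
    findings = []
    if management_exposed(props):
        findings.append(
            "management API bound to a non-loopback address: "
            + props.get("management_address", DEFAULT_MANAGEMENT_ADDRESS)
        )
    for url in PROBE_URLS:
        if url_permitted(props, url):
            findings.append(f"allowed_urls accepts attacker-controlled model source: {url}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["no findings"])
```

The allow-list check compiles the operator's own regexes rather than string-matching them, so a pattern such as `http(s)?://.*` is caught for what it is: a rule that admits any web host. Binding the management address to loopback removes the unauthenticated registration endpoint from the network entirely, which is the cheaper control; put a reverse proxy with authentication in front of it if operators genuinely need remote access.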
Amazon Web Services, which along with social media giant Meta runs the TorchServe project, issued an advisory on Monday. Google also published an advisory on Tuesday.
A Meta spokesperson told Information Security Media Group that the new vulnerability isn't a problem for users who updated TorchServe weeks ago. "The issues in TorchServe - an optional tool for PyTorch - were patched in August, rendering the exploit chain described in this blog post moot," the spokesperson said.
Neither AWS nor Oligo has reported active exploitation of ShellTorch.