JFrog products seamlessly integrate with practically any development environment on Earth, from legacy code to the most recent containers and micro-services.

Picklescan, an open-source tool designed to analyze Python pickle files for malicious content, has been found to contain three critical vulnerabilities. These vulnerabilities allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, thereby bypassing the tool's protection mechanisms. The vulnerabilities exploit gaps in Picklescan's processing of pickle files, leading to potential remote code execution and evasion of detection mechanisms. Developed by Matthieu Maitre, Picklescan is widely used for detecting malicious content in pickle files, which are known for their potential to execute arbitrary code during deserialization. The impact of these vulnerabilities is significant, as they undermine the tool's primary function and could lead to full system compromise if exploited. While no specific disclosure or patch date has been mentioned, it is crucial for users of Picklescan to be aware of these vulnerabilities and take appropriate mitigations. Further details on the specific vulnerabilities and potential workarounds can be found in the source article. The discovery of these vulnerabilities highlights the importance of securing tools used for security purposes and the ongoing challenge of handling untrusted data. From an expert perspective, these vulnerabilities serve as a reminder of the risks associated with deserializing untrusted data. Even tools designed to mitigate these risks can themselves be vulnerable to exploitation. Therefore, it is crucial for organizations to implement multiple layers of defense, including input validation and regular security assessments. Additionally, the fact that these vulnerabilities can be exploited via malicious PyTorch models is particularly concerning given the widespread use of PyTorch in machine learning applications. In conclusion, while Picklescan is a valuable tool for detecting malicious content in pickle files, these vulnerabilities highlight the need for ongoing vigilance and security updates.

Eyal Estrin unread, 1:43 AM (30 minutes ago)    to https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/ Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog: https://security-24-7.com | Books: https://amzn.to/42Xai9A | https://amzn.to/3Sggbtv Twitter: @eyalestrin | Bluesky: @eyalestrin.bsky.social

A Silent Threat Rising Inside the AI Supply Chain The security walls guarding modern machine learning systems have always begun with one foundation, the AI model scanner. These scanners were designed to sift through serialized model files, expose hidden threats, and block malicious actors before they reached production environments. Yet recent discoveries reveal that one of the most trusted defenses in the industry, PickleScan, contains severe blind spots.