Security News
"[I]n just one minute per prompt, we get an attack success rate of 89 percent on jailbreaking Vicuna-7B-v1.5, while the best baseline method achieves 46 percent," the authors state in their paper. "BEAST can attack a model as long as the model's token probability scores from the final network layer can be accessed. OpenAI is planning on making this available. Therefore, we can technically attack publicly available models if their token probability scores are available."
Researchers at cybersecurity research and consulting firm Trail of Bits have discovered a vulnerability that could allow attackers to read GPU local memory from affected Apple, Qualcomm, AMD and Imagination GPUs. In particular, the vulnerability, which the researchers named LeftoverLocals, can access conversations performed with large language models and machine learning models on affected GPUs.
Research made public on Tuesday detailed how miscreants can exploit the hole to read data they're not supposed to in a system's local GPU memory. While the flaw potentially affects all GPU applications on vulnerable chips, it is especially concerning for those processing machine-learning applications because of the amount of data these models process using GPUs, and therefore the amount of potentially sensitive information that could be swiped by exploiting this issue.
A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. [...]
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks. Qualcomm says it has released security updates that address the issues in its Adreno GPU and Compute DSP drivers, and impacted OEMs were also notified.
A vulnerability in the kernel drivers for several Mali GPUs "may be under limited, targeted exploitation," British semiconductor manufacturer Arm confirmed on Monday, when it released drivers updated with patches. Arm's Mali GPUs are used on a variety of devices, most prominently on Android phones by Google, Samsung, Huawei, Nokia, Xiaomi, Oppo, and other manufacturers.
Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as CVE-2023-4211, the shortcoming impacts...
Arm in a security advisory today is warning of an actively exploited vulnerability affecting the widely-used Mali GPU drivers. The flaw is currently tracked as CVE-2023-4211 and was discovered and reported to Arm by researchers of Google's Threat Analysis Group and Project Zero.
Researchers from four American universities have developed a new GPU side-channel attack that leverages data compression to leak sensitive visual data from modern graphics cards when visiting web pages. The GPU.zip researchers explain that all modern graphic processor units, especially integrated Intel and AMD chips, perform software-visible data compression even when not explicitly asked.