Users who downloaded an overnight build of the PyTorch framework between December 25-30 installed a malicious version of the torchtriton dependency, stealing system data. The PyTorch project recommends that users uninstall older versions and install the latest overnight build. Users using stable releases of PyTorch are not affected. A malicious version of torchtriton was part of a research project that went wrong, according to a person claiming responsibility. They apologized and said the stolen data had been deleted in its entirety. This is the latest dependency confusion attack.
This article is transferred from: https://www.solidot.org/story?sid=73811
This site is only for collection, and the copyright belongs to the original author.