And so Microsoft decided this wasn't a big enough vulnerability to pay them a bounty. Why the fuck would you ever share that with them then, if you could sell it to a black-hat hacking org for thousands?
How we Rooted Copilot
Submitted 4 weeks ago by Pro@programming.dev to technology@lemmy.world
https://research.eye.security/how-we-rooted-copilot/
Comments
BaroqueInMind@piefed.social 4 weeks ago
fmstrat@lemmy.nowsci.com 4 weeks ago
There may not have been any logical progression beyond the container.
deadcade@lemmy.deadca.de 3 weeks ago
Surely there wasn’t an exploit on the half a year out of date kernel (Article screenshots from April 2025, uname kernel release from a CBL-Mariner released September 3rd 2024).
Bubbey@lemmy.world 3 weeks ago
I’m sure nothing will go wrong with tons of critical business documents being routed through copilot for organizations…
nathan@piefed.alphapuggle.dev 4 weeks ago
$10 says they haven't actually escaped anything and it's just hallucinating a directory structure & file contents
communism@lemmy.ml 4 weeks ago
MS said they fixed it and categorised it as a “moderate severity vulnerability” so presumably they did in fact gain root access to the container
wewbull@feddit.uk 4 weeks ago
If they gained root access to the container, that’s not a moderate vulnerability. Root inside a container is still root. You can still access the kernel with root privs and it’s the same kernel as the host.
Docker is not a virtual machine.
MagicShel@lemmy.zip 4 weeks ago
Even if it had access to its own source during training, the chances of it regurgitating it with total fidelity are zero.