A critical flaw in Ollama Desktop v0.10.0, an open-source tool for running large language models locally, allowed attackers to hijack chats and even inject malicious AI models via booby-trapped websites. The vulnerability, discovered by GitLab’s Chris Moberly, stemmed from weak cross-origin resource sharing (CORS) controls in the app’s new GUI web service, enabling attackers to bypass preflight checks with “simple” requests.
By tricking the app through port scanning and fake POST requests, miscreants could intercept all conversations, log them remotely, and alter AI responses in real time — all without user interaction. Fortunately, the issue did not affect the core Ollama API and was patched quickly in v0.10.1 after Moberly’s disclosure on July 31. While proof-of-concept code has been released, there’s no evidence the bug was exploited before the fix. Users who installed via the official packages get the update automatically, but Homebrew users must update manually.
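Browsers send “simple” cross-origin requests (for example a POST with Content-Type `text/plain`) without an OPTIONS preflight, so a local web service has to validate the Origin and Content-Type itself. The Go example below is added here to illustrate that server-side check; it is not Ollama's code or its actual fix, and the allow-listed origin, port and function names are assumptions.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/url"
)

// Hypothetical allow-list: the only origin the local GUI is served from (constructed value).
var allowedOrigins = map[string]bool{"http://127.0.0.1:3000": true}

// originAllowed accepts only an exact scheme://host:port match; "null" and malformed origins fail.
func originAllowed(origin string) bool {
	u, err := url.Parse(origin)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return false
	}
	return allowedOrigins[u.Scheme+"://"+u.Host]
}

// allowRequest makes the decision a browser preflight never gets to make for "simple" requests.
func allowRequest(method, origin, contentType string) bool {
	if origin != "" && !originAllowed(origin) {
		return false // a foreign web page is calling the local service
	}
	switch method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return true // read-only methods must not change state
	}
	// Require JSON on writes: text/plain and form types are CORS-safelisted and skip preflight.
	mt, _, err := mime.ParseMediaType(contentType)
	return err == nil && mt == "application/json"
}

// guard wraps a handler so rejected requests never reach application code.
func guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowRequest(r.Method, r.Header.Get("Origin"), r.Header.Get("Content-Type")) {
			http.Error(w, "cross-origin request rejected", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	_ = guard // in a real service: http.ListenAndServe(addr, guard(mux))
	fmt.Println(allowRequest("POST", "https://attacker.example", "text/plain"))    // false
	fmt.Println(allowRequest("POST", "http://127.0.0.1:3000", "application/json")) // true
}
```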
