【Learn English Through Tech News】Meta AI privacy flaw revealed! User chat records nearly leaked, details of the large bounty disclosed!
2025-7-22

📢【News Headline】

Meta fixes bug that could leak users' AI prompts and generated content
Meta fixed a vulnerability that could have leaked users' AI prompts and generated content

📰【Summary】

Meta has fixed a security bug that allowed Meta AI chatbot users to access and view the private prompts and AI-generated responses of other users. The bug was reported by Sandeep Hodkasia, the founder of AppSecure, who received a $10,000 bug bounty reward. The fix was deployed on January 24, 2025, and Meta found no evidence of malicious exploitation.
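Meta has fixed a security vulnerability that let Meta AI chatbot users access and view other users' private prompts and AI-generated replies. The vulnerability was reported by Sandeep Hodkasia, founder of the security testing company AppSecure, who received a US$10,000 bug bounty. The fix was deployed on January 24, 2025, and Meta found no evidence of malicious exploitation.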

🗝️【Key Vocabulary】

📝 bug (n.)

  • vulnerability, defect
  • Example: Meta has fixed a security bug.
  • Translation: Meta has already fixed a security vulnerability.

📝 prompt (n.)

  • cue, prompt text
  • Example: Leak users' AI prompts and generated content.
  • Translation: To leak users' AI prompts and generated content.

📝 bounty (n.)

  • reward money, prize money
  • Example: Meta paid him $10,000 in a bug bounty reward.
  • Translation: Meta paid him 10,000 US dollars as a vulnerability bounty.

📝 exploit (v.)

  • to make use of, to abuse
  • Example: Found no evidence that the bug was maliciously exploited.
  • Translation: No evidence was found that the vulnerability had been maliciously exploited.

📝 authorized (adj.)

  • permitted, approved
  • Example: Was authorized to see it.
  • Translation: Was given permission to view it.

📝 scrape (v.)

  • to harvest (data), to scrape off
  • Example: Potentially allowing a malicious actor to scrape users’ original prompts.
  • Translation: This may allow a malicious actor to harvest users' original prompts.

📝 inadvertently (adv.)

  • carelessly, unintentionally
  • Example: Some users inadvertently publicly shared what they thought were private conversations.
  • Translation: Some users accidentally shared in public conversations they believed were private.

✍️【Grammar and Sentence Patterns】

📝 allowed...to

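  • Explanation: Indicates permitting someone to do something.
  • Translation: to permit ... to do ...
  • Example: Meta has fixed a security bug that allowed Meta AI chatbot users to access and view the private prompts.
  • Translation: Meta fixed a security vulnerability that let Meta AI chatbot users access and view private prompts.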

📝 comes at a time when

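  • Explanation: Indicates "at the time when ...".
  • Translation: at the time when ...
  • Example: News of the bug comes at a time when tech giants are scrambling to launch and refine their AI products.
  • Translation: News of this vulnerability arrives just as the tech giants are racing to launch and refine their AI products.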

📖【Full Text and Translation】

Meta has fixed a security bug that allowed Meta AI chatbot users to access and view the private prompts and AI-generated responses of other users.
Meta has fixed a security vulnerability that let users of the Meta AI chatbot access and view other users' private prompts and AI-generated responses.

Sandeep Hodkasia, the founder of security testing firm AppSecure, exclusively told TechCrunch that Meta paid him $10,000 in a bug bounty reward for privately disclosing the bug he filed on December 26, 2024.
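Sandeep Hodkasia, founder of the security testing company AppSecure, told TechCrunch exclusively that Meta paid him a US$10,000 bug bounty as a reward for privately disclosing the vulnerability, which he submitted on December 26, 2024.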

Meta deployed a fix on January 24, 2025, said Hodkasia, and found no evidence that the bug was maliciously exploited.
Hodkasia said Meta deployed a fix on January 24, 2025, and found no evidence that the vulnerability had been maliciously exploited.

Hodkasia told TechCrunch that he identified the bug after examining how Meta AI allows its logged-in users to edit their AI prompts to regenerate text and images.
Hodkasia told TechCrunch that he found the vulnerability after examining how Meta AI lets its logged-in users edit their AI prompts to regenerate text and images.

He discovered that when a user edits their prompt, Meta’s back-end servers assign the prompt and its AI-generated response a unique number.
He found that when users edit their prompt, Meta's back-end servers assign a unique number to the prompt and its AI-generated response.

By analyzing the network traffic in his browser while editing an AI prompt, Hodkasia found he could change that unique number and Meta’s servers would return a prompt and AI-generated response of someone else entirely.
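By analyzing the network traffic in his browser while editing an AI prompt, Hodkasia found that he could change that unique number and Meta's servers would return a prompt and AI-generated response belonging to someone else entirely.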

The bug meant that Meta’s servers were not properly checking to ensure that the user requesting the prompt and its response was authorized to see it.
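This vulnerability meant that Meta's servers did not correctly check that the user requesting a prompt and its response was authorized to view it.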

Hodkasia said the prompt numbers generated by Meta’s servers were “easily guessable,” potentially allowing a malicious actor to scrape users’ original prompts by rapidly changing prompt numbers using automated tools.
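Hodkasia said the prompt numbers generated by Meta's servers were "easy to guess," which could allow a malicious actor to use automated tools to change prompt numbers rapidly and harvest users' original prompts.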
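
The missing authorization check and the guessable numbering described above, as an added example that is not from the TechCrunch article or from Meta's code: a toy in-memory store showing the flawed read beside the hardened one. `PromptStore`, its methods, the user names and the starting counter value are hypothetical.

```python
import secrets
from dataclasses import dataclass


@dataclass
class PromptRecord:
    owner_id: str   # account that created the prompt
    prompt: str
    response: str


class PromptStore:
    """Toy in-memory back end (hypothetical; not Meta's code or API)."""

    def __init__(self, random_ids: bool):
        self.random_ids = random_ids
        self._records = {}
        self._next_id = 1000  # constructed starting value

    def save(self, owner_id: str, prompt: str, response: str) -> str:
        if self.random_ids:
            # 128 bits from the OS CSPRNG: identifiers cannot be enumerated.
            record_id = secrets.token_urlsafe(16)
        else:
            # Sequential counter: the "easily guessable" numbering.
            record_id = str(self._next_id)
            self._next_id += 1
        self._records[record_id] = PromptRecord(owner_id, prompt, response)
        return record_id

    def get_unchecked(self, session_user: str, record_id: str):
        # Flawed pattern: the caller is logged in, but ownership of the
        # requested record is never compared with the session identity.
        return self._records.get(record_id)

    def get_checked(self, session_user: str, record_id: str):
        # Hardened pattern: object-level authorization on every read.
        record = self._records.get(record_id)
        if record is None or record.owner_id != session_user:
            return None  # same result for "missing" and "not yours"
        return record


if __name__ == "__main__":
    store = PromptStore(random_ids=False)
    alice_id = store.save("alice", "constructed prompt A", "constructed reply A")
    bob_id = store.save("bob", "constructed prompt B", "constructed reply B")
    print(store.get_unchecked("alice", bob_id))  # cross-account read
    print(store.get_checked("alice", bob_id))    # denied
```

Random identifiers only make enumeration impractical; the ownership comparison in `get_checked` is what actually closes the hole, so it is needed even when identifiers are unguessable.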

When reached by TechCrunch, Meta confirmed it fixed the bug in January and that the company “found no evidence of abuse and rewarded the researcher,” Meta spokesperson Ryan Daniels told TechCrunch.
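When TechCrunch contacted Meta, the company confirmed that it fixed the vulnerability in January and that it "found no evidence of abuse and rewarded the researcher," Meta spokesperson Ryan Daniels told TechCrunch.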

News of the bug comes at a time when tech giants are scrambling to launch and refine their AI products, despite many security and privacy risks associated with their use.
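News of this vulnerability arrives as tech giants race to launch and refine their AI products, despite the many security and privacy risks associated with using them.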

Meta AI’s stand-alone app, which debuted earlier this year to compete with rival apps like ChatGPT, launched to a rocky start after some users inadvertently publicly shared what they thought were private conversations with the chatbot.
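Meta AI's stand-alone app debuted earlier this year to compete with rival apps such as ChatGPT, but its launch got off to a rough start after some users accidentally shared in public what they believed were private conversations with the chatbot.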

🔗【Source】

Article link: <https://techcrunch.com/2025/07/15/meta-fixes-bug-that-could-leak-users-ai-prompts-and-generated-content/>