Latest news with #Tracebit

Google Gemini security flaw could have let anyone access systems or run code

Yahoo, 31-07-2025

  • Gemini could automatically run certain commands that were previously placed on an allow-list
  • If a benign command was paired with a malicious one, Gemini could execute it without warning
  • Version 0.1.14 addresses the flaw, so users should update now

A security flaw in Google's new Gemini CLI tool allowed threat actors to target software developers with malware, even exfiltrating sensitive information from their devices, without them ever knowing.

The vulnerability was discovered by cybersecurity researchers from Tracebit just days after Gemini CLI was first launched on June 25, 2025. Google released a fix with version 0.1.14, which is now available for download.

Hiding the attack in plain sight

Gemini CLI is a tool that lets developers talk to Google's AI (called Gemini) directly from the command line. It can understand code, make suggestions, and even run commands on the user's device.

The problem stems from the fact that Gemini could automatically run certain commands that were previously placed on an allow-list. According to Tracebit, there was a way to sneak hidden, malicious instructions into files that Gemini reads, like

In one test, a seemingly harmless command was paired with a malicious one that exfiltrated sensitive information (such as system variables or credentials) to a third-party server. Because Gemini thought it was just a trusted command, it didn't warn the user or ask for approval. Tracebit also says the malicious command could be hidden using clever formatting, so users wouldn't even see it happening.

"The malicious command could be anything (installing a remote shell, deleting files, etc)," the researchers explained.

The attack is not that easy to pull off, though. It requires a little setting up, including having a trusted command on the allow-list, but it could still be used to trick unsuspecting developers into running dangerous code.

Google has now patched the problem, and if you're using Gemini CLI, make sure to update to version 0.1.14 or newer as soon as possible. Also, make sure not to run it on unknown or untrusted code (unless you're in a secure test environment).

Via BleepingComputer
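The allow-list weakness described above, as an added illustration that is not taken from the article, from Tracebit or from Gemini CLI's code: a check that trusts a whole command string because its first word is allow-listed, next to one that splits the string into individual commands and auto-approves only when every binary is allow-listed. The allow-list contents, the function names and the placeholder binary other-tool are assumptions made for the example.

```python
import shlex

ALLOW_LIST = {"grep", "ls", "cat"}        # constructed allow-list (assumption)
CHAIN_OPS = {";", "&&", "||", "|", "&"}   # operators that start another command
PUNCT = set("();<>|&")                    # characters shlex groups as operators


def naive_is_allowed(command, allow=ALLOW_LIST):
    """Flawed: trusts the whole string when its first word is allow-listed."""
    words = command.split()
    return bool(words) and words[0] in allow


def split_commands(command):
    """Split a shell string into simple commands (lists of words).

    Raises ValueError for anything this checker refuses to reason about:
    newlines, command substitution, redirection, subshells, bad quoting.
    """
    if any(s in command for s in ("\n", "\r", "`", "$(")):
        raise ValueError("newline or command substitution")
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""                 # '#' must not hide the rest of the line
    segments, current = [], []
    for tok in lexer:                     # unbalanced quotes raise ValueError
        if tok in CHAIN_OPS:              # a quoted ';' lands here too: only stricter
            segments.append(current)
            current = []
        elif tok and set(tok) <= PUNCT:
            raise ValueError(f"unsupported operator {tok!r}")
        else:
            current.append(tok)
    segments.append(current)
    return segments


def strict_is_allowed(command, allow=ALLOW_LIST):
    """Auto-run only if every command in the string starts with an allowed binary."""
    try:
        segments = split_commands(command)
    except ValueError:
        return False                      # fail closed: fall back to asking the user
    return all(bool(seg) and seg[0] in allow for seg in segments)


if __name__ == "__main__":
    # Constructed input: an allow-listed command paired with a second binary.
    paired = "grep -r TODO . ; other-tool --flag"
    print(naive_is_allowed(paired), strict_is_allowed(paired))
```

Anything the strict check rejects should be shown to the user in full for explicit approval, which matches the behaviour the articles on this page describe for the patched release.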

Tracebit finds major vulnerability in Google Gemini CLI tool

Techday NZ, 31-07-2025

Tracebit has reported the discovery of a vulnerability affecting Google's Gemini CLI, highlighting risks of silent credential theft and unauthorised command execution from untrusted code.

The Gemini CLI tool, designed to assist developers in coding with Google Gemini directly from the command line, was released by Google on 25 June. Tracebit identified the vulnerability within two days, describing a combination of improper validation, prompt injection and misleading user experience as enabling the flaw. This allowed potential attackers to execute arbitrary code without the victim's knowledge when inspecting untrusted code, thereby risking the exfiltration of credentials and sensitive data from users' machines to remote servers.

Tracebit explained that their blog post reveals a technical method by which an attacker could exploit Gemini CLI. Attackers could achieve silent code execution against users working with untrusted code, and this method might remain hidden from victims due to the exploit's mode of operation.

Disclosure and response

Tracebit disclosed the vulnerability directly to Google through its Bug Hunters programme. According to a timeline provided by Tracebit, the vulnerability was initially reported to Google's Vulnerability Disclosure Programme (VDP) on 27 June, just two days after Gemini CLI's public release.

Upon receipt, Google triaged the vulnerability as a lower priority; however, as the risk became clearer, the classification was upgraded to P1, S1 - the highest priority and most severe status - on 23 July. The Google product team then addressed the vulnerability, releasing an updated version of Gemini CLI (v0.1.14) with a patch on 25 July, followed by an agreed public disclosure on 28 July.

During the approximately one-month period between the tool's launch and the deployment of a fix, Tracebit noted that there had been independent discoveries of at least the command validation vulnerability by several other individuals.

User impact and mitigation

Tracebit has detailed that in the patched version of Gemini CLI, attempts at code injection display the malicious command to users, and require explicit approval for any additional binaries to be executed. This change is intended to prevent the silent execution that the original vulnerability enabled.

For users of the CLI, security is now bolstered by making potentially dangerous prompts visible and requiring activation for certain code actions. The update closes the gap that previously allowed attackers to slip malicious commands past unsuspecting developers.

"Our security model for the CLI is centered on providing robust, multi-layered sandboxing. We offer integrations with Docker, Podman, and macOS Seatbelt, and even provide pre-built containers that Gemini CLI can use automatically for seamless protection. For any user who chooses not to use sandboxing, we ensure this is highly visible by displaying a persistent warning in red text throughout their session." (Google VDP Team, July 25th)

Google's approach to CLI security leverages containerisation and clear warnings for any users opting out of sandboxing, aiming to mitigate the risks involved in running code from untrusted sources.

Tracebit's role in the discovery and reporting of the issue also underlines the importance of rapid, independent security research, particularly as AI-powered tools become central to software development workflows. The company continues to focus on equipping security teams to take an 'assume breach' posture in the face of fast-evolving technologies.

The vulnerability and its remediation underscore the need for vigilance when examining and running third-party or untrusted code, especially in tools leveraging AI to assist in software development. Users are advised to update to the latest Gemini CLI version and to use sandboxing features when dealing with unknown sources.
