Google’s Gemini CLI, an AI tool for terminal code writing, was identified as highly vulnerable just 48 hours post-launch. Researchers found that prompt injection attacks allowed attackers to execute harmful commands and steal sensitive data without detection. By embedding malicious code within innocuous-looking command lines using excessive whitespace, attackers could manipulate environment variables to gain unauthorized access to server details.
Security expert Sam Cox highlighted the risks of destructive commands, underscoring the urgency of the situation. Unlike similar tools from Anthropic and OpenAI, Gemini CLI was particularly exposed. The vulnerability stemmed from deceptive README.md files, which Gemini reads for guidance. Attackers exploited the allow list feature by initially adding a benign command, enabling subsequent destructive commands to bypass security checks.
Google rated this flaw Priority 1 and Severity 1, the highest threat classification, and promptly released a fix. Users are urged to upgrade to version 0.1.14 and use sandboxes for untrusted code.
Source link
