"LayerX researchers found that a single malicious Google Calendar event can trigger remote code execution on Claude Desktop systems, enabling silent takeover at scale. "If exploited by a bad actor, even a benign prompt ("take care of it"), coupled with a maliciously worded calendar event, is sufficient to trigger arbitrary local code execution that compromises the entire system," said LayerX researchers in their analysis."
"Unlike traditional browser extensions, which operate within tightly sandboxed environments, Claude Desktop Extensions run unsandboxed and with full operating system privileges, giving them broad access to local system resources. At the root of the issue is the architecture of Anthropic's Model Context Protocol (MCP). MCP allows Claude to autonomously select and chain together multiple tools to fulfill user requests, a design intended to improve productivity and automation."
A single malicious Google Calendar event can trigger remote code execution on Claude Desktop systems, enabling silent takeover at scale. More than 10,000 active Claude Desktop users and over 50 desktop extensions in Anthropic's marketplace are affected. Claude Desktop Extensions run unsandboxed with full operating system privileges, giving them broad access to local system resources. Anthropic's Model Context Protocol (MCP) allows Claude to autonomously select and chain multiple tools to fulfill requests. MCP autonomy creates a trust boundary failure that lets data from low-risk connectors flow into high-privilege execution. The situation underscores the need for a clear AI shared-responsibility model for security across layers.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]