LayerX, a security firm from Tel Aviv, has discovered a zero-click remote code execution vulnerability in Claude Desktop Extensions, now called MCP Bundles, linked to Google Calendar entries. The flaw, rated 10/10 on the CVSS scale, stems from the extensions being able to process potentially harmful commands without adequate safeguards. LayerX’s principal researcher, Roy Paz, contends that the extensions lack proper sandboxing, which gives them privileged access on the host system. Paz demonstrated the vulnerability by showing Claude executing malicious tasks derived from a Google Calendar invitation, exposing users to the risk of malware. Although LayerX notified Anthropic, the company opted not to address the vulnerability, asserting that it falls outside its threat model. This decision raises concerns because malicious entries in Google Calendar could lead to unauthorized system access. The incident highlights the critical need for robust security measures in AI applications, particularly regarding user permissions and connector interactions.
