A vulnerability in the Claude Desktop Extensions (DXT) has been discovered, allowing attackers to execute remote code on a system without any user interaction. The issue affects 50 DXT users and is rated at maximum severity (CVSS of 10.0). Researchers found that malicious Google Calendar events could be exploited to perform sensitive commands, such as reading arbitrary files or accessing stored credentials.
Claude DXT, unlike traditional browser extensions, execute with full privileges on the host system, making them more vulnerable to attacks. The vulnerability arises from the Model Context Protocol (MCP) used by DXT, which allows for dynamic selection and combination of external connectors, including Google Calendar.
If left unaddressed, this flaw could have significant implications for users running Claude Desktop Extensions. Anthropic, the company behind the affected software, has declined to fix the issue, citing that it falls outside their current threat model. However, security researchers argue that the vulnerability is severe and should be prioritized.
The incident highlights the need for an “AI shared responsibility” model, where the developers of AI tools are held responsible for the security of users using their products. As AI continues to evolve, it’s essential to address these concerns to ensure the safe deployment of these technologies.
Source: https://www.infosecurity-magazine.com/news