10K Claude Desktop Users Exposed by Zero-Click Vulnerability
A single malicious Google Calendar event can silently hijack your entire system...
A critical zero-click vulnerability in Anthropic's Claude Desktop Extensions exposes over 10,000 active users to complete system takeover. LayerX researchers found malicious Google Calendar events can trigger remote code execution when Claude processes vague prompts like 'take care of it.' The flaw stems from Claude's Model Context Protocol allowing untrusted data to flow directly to high-privilege executors without safeguards, granting attackers full access to files, credentials, and system control.
Why It Matters
This exposes the fundamental security crisis in AI assistants: deep system access for productivity creates massive attack surfaces without clear responsibility.
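The missing safeguard in the data flow described above can be sketched as a provenance gate between connectors and executors. This is an added example, not code from Anthropic, LayerX, or the Model Context Protocol; the connector and tool names (`google_calendar`, `local_executor`, `calendar_reply`) and the `Session` class are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical trust labels and tool names; not part of MCP or any Claude API.
UNTRUSTED_SOURCES = {"google_calendar"}    # connectors whose content outsiders can write
HIGH_PRIVILEGE_TOOLS = {"local_executor"}  # tools that can run commands or touch files


@dataclass
class Session:
    """Tracks which connectors have fed content into the model's context."""
    tainted_by: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def ingest(self, source: str, content: str) -> str:
        # Record provenance the moment connector output enters the context.
        if source in UNTRUSTED_SOURCES:
            self.tainted_by.add(source)
        return content

    def authorize(self, tool: str, args: dict, user_confirmed: bool = False) -> bool:
        """Decide whether a model-proposed tool call may run."""
        if tool not in HIGH_PRIVILEGE_TOOLS:
            decision = "allow"            # low-privilege tools are not gated
        elif not self.tainted_by:
            decision = "allow"            # context holds only trusted input
        elif user_confirmed:
            decision = "allow-confirmed"  # user approved this exact call and its args
        else:
            decision = "deny"             # untrusted data would reach a privileged sink
        self.audit.append((tool, decision, sorted(self.tainted_by)))
        return decision != "deny"


def demo() -> list:
    s = Session()
    # Constructed sample: a vague request makes the assistant read the calendar.
    s.ingest("google_calendar", "Event notes (constructed): text an outsider can write")
    return [
        s.authorize("calendar_reply", {"event": "standup"}),
        s.authorize("local_executor", {"cmd": "<proposed command>"}),
        s.authorize("local_executor", {"cmd": "<proposed command>"}, user_confirmed=True),
    ]


if __name__ == "__main__":
    print(demo())
```

A vague prompt such as 'take care of it' does not count as confirmation here: `user_confirmed` is meant to be set only after the user has been shown the specific call and its arguments.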