Full Report
Security researchers have uncovered severe remote code execution vulnerabilities in three official Claude Desktop extensions developed and published by Anthropic. The Chrome, iMessage, and Apple Notes connectors, which collectively boast over 350,000 downloads and occupy prominent positions in Claude Desktop’s extension marketplace, all contained the same critical security flaw: unsanitized command injection. The vulnerabilities, confirmed […] The post Claude Desktop Hit by Critical RCE Flaws Allowing Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Analysis Summary
# Vulnerability: Critical RCE via Unsanitized Command Injection in Claude Desktop Extensions
## CVE Details
- CVE ID: Not specified in the provided text (Requires external lookup/vendor advisory)
- CVSS Score: 8.9 (High)
- CWE: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'))
## Affected Systems
- Products: Three official Claude Desktop extensions: Chrome connector, iMessage connector, and Apple Notes connector.
- Versions: Not specified, but all affected versions have been patched.
- Configurations: Occurs when the extensions process user-provided input (e.g., URLs fetched from the web) and pass it directly into AppleScript commands without sanitization.
## Vulnerability Description
The vulnerability is due to **unsanitized command injection** within the Claude Desktop extensions. The extension server accepts user input (like a URL) and inserts it directly into underlying AppleScript commands. This allows an attacker to inject arbitrary malicious AppleScript code, which then executes as shell commands with **full system privileges** because these extensions run unsandboxed on Claude Desktop. The attack vector is particularly dangerous when Claude processes web content, as a malicious website can serve a payload that exploits the extension when Claude's user agent accesses it.
## Exploitation
- Status: Patched. (The text implies exploitation was possible but does not confirm if it occurred in the wild, only that researchers confirmed the flaw.)
- Complexity: Low (Exploitable via crafted web content presented to Claude).
- Attack Vector: Network (via web content accessed by Claude) or potentially localized input depending on the context of the extension interaction.
## Impact
- Confidentiality: High (Potential to steal SSH keys, AWS credentials, session tokens).
- Integrity: High (Potential to modify system settings, install backdoors).
- Availability: Medium/High (Potential for system disruption depending on the injected payload like denial of service).
## Remediation
### Patches
- Patches are **available** as the vulnerabilities "have since been patched." (Specific patch versions are not listed in the source text.)
### Workarounds
- Disable or remove the affected Claude Desktop extensions (Chrome, iMessage, and Apple Notes connectors) until confirmation of the patched version install.
- Only interact with trusted sources via Claude, though the primary risk exists when Claude fetches untrusted web content automatically.
## Detection
- Indicators of Compromise: Sudden execution of unusual shell commands, exfiltration of sensitive local files (keys, tokens), or unexpected installation of software/backdoors on the host machine.
- Detection Methods and Tools: Monitoring outgoing network connections from the Claude Desktop process to suspicious external hosts, and auditing system command execution logs for anomalous AppleScript or shell invocations originating from the extension components.
## References
- Vendor advisories: Anthropic advisory (Implied, required for specific patch details).
- Relevant links - defanged: `not specified in source`