Feeds.Feedburner
Vulnerability in Anthropic's Claude Cowork Allows Root Command Execution
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Security researchers at Armadin Inc. have identified an attack chain in Anthropic PBC’s Claude Cowork that allows attackers to execute arbitrary commands as root within its sandbox environment. This vulnerability exploits two weaknesses in the software for Windows, enabling local code execution to escalate privileges. The first weakness involves manipulating a resume flag to bypass user restrictions, while the second allows attackers to override network restrictions, facilitating data exfiltration. Anthropic does not classify this as a security issue, as it requires prior local code execution on the host machine. The vulnerability affects Claude Desktop for Windows version 1.9255.2.0, raising concerns about endpoint security in AI productivity tools. The attack chain has been validated by Armadin, highlighting the risks associated with non-technical user systems running local virtual machines.
Key Points: • Attack chain allows arbitrary command execution as root in Claude Cowork's sandbox. • Exploits two weaknesses: privilege escalation and network restriction bypass. • Anthropic claims the issue requires local code execution, not a direct vulnerability.