"The hooks defined in these configuration files control the execution of user commands at specified points. Check Point researchers discovered that an attacker can add hooks that trigger the execution of arbitrary commands on developers' devices. While Claude requested explicit approval from the user to execute other files within a project, it did not request permission to run hook commands, automatically running them when the project was initialized."
"The researchers also looked at MCP integrations designed to enable the use of additional services when a project is opened. They found that configuration settings could be used to override user approval for external actions, thus bypassing consent mechanisms."
"Manipulating the configuration settings could have allowed an attacker to redirect API traffic to the attacker's server, enabling them to exfiltrate API keys and capture credentials."
Check Point security researchers identified serious vulnerabilities in Anthropic's Claude Code AI-powered coding assistant. The vulnerabilities exploited configuration files that customize model preferences, tool integrations, and automated hooks. Attackers could add malicious hooks to execute arbitrary commands without user approval, bypass consent mechanisms for external actions through MCP integrations, and redirect API traffic to steal credentials. Configuration files are automatically copied when repositories are cloned and can be modified by anyone with repository access. Claude Code did not request permission before running hook commands during project initialization, creating a significant security gap. Anthropic has since implemented patches and mitigations to address these issues.
#ai-security-vulnerabilities #claude-code-exploits #configuration-file-attacks #api-key-theft #developer-security
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]