Claude Desktop preference sync turned into command-execution path

Claude Desktop preference sync turned into command-execution path


Claude Desktop preference sync turned into command-execution path

Researchers at Claude Desktop showed an attack chain where access to a victim’s account lets an operator poison the synced Personal Preferences field with an encoded prompt injection. If a command-capable extension such as Desktop Commander is present, the next normal chat can trigger local command execution; if not, the assistant can display a fake error flow pushing the user to install it.

The significance is architectural rather than a single software flaw: trusted cross-device settings, tool-enabled local execution, and conversational UI combine into an execution surface. In testing, the chain enabled persistent remote tasking through routine user interactions.

️ Open sources - closed narratives

@sitreports

Source: Telegram "sitreports"

Report Page