AutoJack: AI Agent RCE via Malicious Web Page
🔴 Critical | Source: The Hacker News Microsoft researchers have disclosed ‘AutoJack’, an exploit chain that weaponises AI browsing agents to achieve remote code execution on the host machine. An attacker simply needs to lure the agent to a malicious web page; JavaScript on that page communicates with a privileged local service to spawn a process — requiring no credentials or user interaction beyond the initial navigation. This is significant because it demonstrates that AI agents, which often run with elevated local privileges, dramatically expand the attack surface of any machine they operate on. ...