PleaseFix Flaw Lets Hackers Access 1Password Vault via Comet AI Browser
hackread.comResearchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files.
A significant security gap has been closed in the Comet AI browser created by Perplexity. Following a detailed investigation, researchers at Zenity Labs discovered a family of flaws they named PleaseFix. Researchers found that a malicious calendar invitation could hijack the browser’s AI assistant to steal personal files and even take over a user’s 1Password vault.
As we know it, agentic browsers are designed to be super-assistants that can read, click, and act on your behalf. However, probing further, researchers found that these tools often cannot distinguish between a user’s command and a malicious instruction hidden in a website or email.
The Zero-Click Entry Point
The attack is particularly dangerous because it is zero-click. A user does not need ...
Copyright of this story solely belongs to hackread.com . To see the full text click HERE