A vulnerability in Google’s AI assistant Gemini allowed attackers to leak private meeting details by using prompt injection delivered through malicious Calendar events. Google has acknowledged and fixed the security flaw. #GoogleGemini #CalendarVulnerability
Key Points
- The vulnerability involved creating malicious calendar events linked to the Google Gemini AI assistant.
- Attackers used prompt injection to extract private meeting data by influencing event descriptions.
- The attack bypassed privacy controls by exploiting Gemini’s integration with Google Calendar.
- The payload was disguised as harmless user instructions but was semantically harmful when processed.
- Google confirmed and patched the vulnerability after it was reported by cybersecurity firm Miggo.
Read More: https://www.securityweek.com/weaponized-invite-enabled-calendar-data-theft-via-google-gemini/