{"id":216978,"date":"2025-07-02T02:10:51","date_gmt":"2025-07-02T07:10:51","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/07\/new-flaw-in-ides-like-visual-studio-code-lets-malicious-extensions-bypass-verified-status"},"modified":"2025-07-02T02:10:51","modified_gmt":"2025-07-02T07:10:51","slug":"new-flaw-in-ides-like-visual-studio-code-lets-malicious-extensions-bypass-verified-status","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/07\/new-flaw-in-ides-like-visual-studio-code-lets-malicious-extensions-bypass-verified-status","title":{"rendered":"New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/new-flaw-in-ides-like-visual-studio-code-lets-malicious-extensions-bypass-verified-status.jpg\"><\/a><\/p>\n<p>A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines.<\/p>\n<p>\u201cWe discovered that flawed verification checks in Visual Studio Code allow publishers to add functionality to extensions while maintaining the verified icon,\u201d OX Security researchers Nir Zadok and Moshe Siman Tov Bustan <a href=\"https:\/\/www.ox.security\/can-you-trust-that-verified-symbol-exploiting-ide-extensions-is-easier-than-it-should-be\/\" rel=\"noopener\" target=\"_blank\">said<\/a> in a report shared with The Hacker News. \u201cThis results in the potential for malicious extensions to appear verified and approved, creating a false sense of trust.\u201d<\/p>\n<p>Specifically, the analysis found that Visual Studio Code sends an HTTP POST request to the domain \u201cmarketplace.visualstudio[.]com\u201d to determine if an extension is verified or otherwise.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. \u201cWe discovered that flawed verification checks in Visual Studio Code allow publishers to add functionality [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1492],"tags":[],"class_list":["post-216978","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/216978","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=216978"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/216978\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=216978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=216978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=216978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}