Fixing Critical Vulnerability: Update Your macOS Password Manager Immediately!
A flaw in 1Password 8 for macOS may leave vault items exposed to hackers or malware. The issue, which was discovered by Robinhood’s Red Team, is resolved in 1Password 8 version 8.10.36 and later.
This issue, identified as CVE-2024-42219, is due to an incomplete XPC inter-process communication implementation. In plain English, the thing that’s supposed to prevent untrusted apps from talking to 1Password is broken. An attacker who gains access to a victim’s Mac could impersonate a trusted app (such as the 1Password browser extension), collect security keys from the victim, and swipe the victim’s vaults.
Robinhood’s Red Team, along with 1Password itself, says that CVE-2024-42219 has not been exploited in the wild. It was also patched in July’s 8.10.36 update, meaning that very few 1Password users are currently vulnerable to the threat.
The company hasn’t specified whether CVE-2024-42219 affects 1Password 7, which a small fraction of users still cling to. That said, 1Password 7 is discontinued and no longer receives regular security updates. We do not recommend using 1Password 7.
Andrew Heinzman / How-To Geek
The 1Password desktop app is very good at updating itself. Still, you should check 1Password’s current version number from the “About” panel in the app’s settings (open 1Password, press Command+Comma on your keyboard, and select “About”). If you’re running version 8.10.36 or 8.10.38, you’re all good.
Auto-updates may fail if 1Password isn’t regularly used or if the app’s background processes are disabled. If you find that you’re running an outdated version of 1Password, press the “Check for Updates” button on the “About” page. Or, click “Restart Now” if the app has already detected a new update.
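If you look after several Macs, the same version check can be scripted. The following is an added example, not part of the original article or 1Password's own tooling; it assumes the default install path /Applications/1Password.app and reads the bundle version with macOS's PlistBuddy.

```shell
#!/bin/sh
# Added example: classify an installed 1Password build against the fixed release.
FIXED_VERSION="8.10.36"   # first release with the CVE-2024-42219 fix, per the article

# ver_ge A B: returns 0 if A >= B, 1 if A < B, 2 if either is not dotted digits.
ver_ge() {
  for v in "$1" "$2"; do
    case "$v" in ""|*[!0-9.]*) return 2 ;; esac
  done
  a=$1 b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*} y=${b%%.*}
    case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
    case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    # Compare each component numerically, so 8.10.4 sorts below 8.10.36.
    [ "${x:-0}" -gt "${y:-0}" ] && return 0
    [ "${x:-0}" -lt "${y:-0}" ] && return 1
  done
  return 0
}

# classify_version VER: prints patched, vulnerable, unsupported or unknown.
classify_version() {
  rc=0; ver_ge "$1" "$FIXED_VERSION" || rc=$?
  case "$rc" in
    0) echo patched ;;
    2) echo unknown ;;
    *) # Below the fix. 1Password 7 and older are discontinued and their
       # exposure is unspecified, so report them separately.
       major=${1%%.*}
       if [ "${major:-0}" -lt 8 ]; then echo unsupported; else echo vulnerable; fi ;;
  esac
}

# check_install [APP_PATH]: prints "<version> <status>" or "not-installed".
check_install() {
  plist="${1:-/Applications/1Password.app}/Contents/Info.plist"  # assumed default path
  [ -f "$plist" ] || { echo not-installed; return 0; }
  ver=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist" 2>/dev/null) || ver=
  echo "$ver $(classify_version "$ver")"
}

# Only inspect the local install when running on macOS.
if [ "$(uname -s)" = Darwin ]; then check_install "$@"; fi
```

Any result other than "patched" means the Mac should be updated through the “About” page as described above.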
Note that 1Password 8.10.38 may automatically “reset some of your settings to default” as a “safety precaution.” This is due to new security improvements that were previously tested in the beta channel (and are unrelated to CVE-2024-42219). The 1Password team did not anticipate this error message, and it hasn’t specified which settings may be automatically set to default.
Source: 1Password via The Register
- Title: Fixing Critical Vulnerability: Update Your macOS Password Manager Immediately!
- Author: Mark
- Created at : 2024-08-31 06:09:54
- Updated at : 2024-09-01 06:09:54
- Link: https://some-guidance.techidaily.com/fixing-critical-vulnerability-update-your-macos-password-manager-immediately/
- License: This work is licensed under CC BY-NC-SA 4.0.