A critical vulnerability in 1Password for macOS allows attackers to bypass security measures and access vault items. This issue affects every version of the macOS app. A patch is now available, and users are strongly advised to update their software as soon as possible.
1Password macOS Vulnerability
1Password developers have reported a critical vulnerability, CVE-2024-42219, in the Mac version of the app. Discovered by Robinhood’s Red Team during an independent security assessment, this flaw allows a malicious local process to bypass inter-process communication protections. The vulnerability affects all versions up to 8.10.36.
Vulnerabilities in password managers pose significant risks to both developers and users, as seen with the recent LastPass incident, which resulted in a major credentials leak. Thankfully, 1Password identified and addressed its vulnerability before it could be exploited in real-world attacks.
The CVE-2024-42219 vulnerability in 1Password for Mac (up to version 8.10.36) allows local malicious processes to bypass IPC protections, enabling attackers to steal sensitive data from vaults. This includes critical credentials like the account unlock key and SRP-x values.
To exploit this flaw, an attacker must first convince the user to run malicious software on the machine. Because the app lacked specific macOS IPC checks, such a local process could impersonate or hijack trusted 1Password integrations, such as the browser extension or the command-line interface. Despite the risk, there have been no reports of this vulnerability being exploited in real-world attacks.
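As an added illustration of the kind of peer check the paragraph above refers to (this is not 1Password's code and says nothing about how its actual fix is implemented): an Objective-C Mach-service listener that pins a code-signing requirement on every connecting peer, so a local process that merely speaks the protocol cannot pose as the trusted browser-extension helper or CLI. The service name, Team ID and client identifier are placeholders, and the API used requires macOS 12 or later.

```objective-c
// Illustrative hardening pattern for a macOS XPC service (not 1Password's code).
// Every peer must satisfy a code-signing requirement before any of its
// messages are delivered to the service's handler.
#import <Foundation/Foundation.h>
#import <xpc/xpc.h>

// Placeholder values: a real service pins its own Team ID and the bundle
// identifier of the client it expects to talk to.
static const char *kPeerRequirement =
    "anchor apple generic "
    "and certificate leaf[subject.OU] = \"TEAMID0000\" "
    "and identifier \"com.example.trusted-client\"";

static void handle_peer(xpc_connection_t peer) {
    // Must be set before the peer connection is resumed. A peer whose code
    // signature does not satisfy the requirement never gets its messages
    // delivered; the handler sees XPC_ERROR_PEER_CODE_SIGNING_REQUIREMENT instead.
    if (xpc_connection_set_peer_code_signing_requirement(peer, kPeerRequirement) != 0) {
        NSLog(@"malformed requirement string; refusing peer");
        xpc_connection_cancel(peer);
        return;
    }
    xpc_connection_set_event_handler(peer, ^(xpc_object_t event) {
        if (xpc_get_type(event) == XPC_TYPE_ERROR) {
            if (event == XPC_ERROR_PEER_CODE_SIGNING_REQUIREMENT) {
                NSLog(@"rejected peer pid %d: code-signing requirement not met",
                      xpc_connection_get_pid(peer));
            }
            return; // other errors (e.g. XPC_ERROR_CONNECTION_INVALID): peer went away
        }
        // Only requests from a peer that passed the requirement reach this point.
        xpc_object_t reply = xpc_dictionary_create_reply(event);
        if (reply) {
            xpc_dictionary_set_string(reply, "status", "ok");
            xpc_connection_send_message(peer, reply);
        }
    });
    xpc_connection_resume(peer);
}

int main(void) {
    @autoreleasepool {
        // Placeholder Mach service name registered in the service's launchd plist.
        xpc_connection_t listener = xpc_connection_create_mach_service(
            "com.example.vault-service", NULL, XPC_CONNECTION_MACH_SERVICE_LISTENER);
        xpc_connection_set_event_handler(listener, ^(xpc_object_t event) {
            if (xpc_get_type(event) == XPC_TYPE_CONNECTION) {
                handle_peer((xpc_connection_t)event);
            }
        });
        xpc_connection_resume(listener);
        dispatch_main();
    }
}
```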
1Password released a patch for CVE-2024-42219 soon after being notified. Details were published only after the patch had shipped, which frustrated some users who found no mention of the issue in the changelog; the company says it initially withheld the details to protect users.
1Password urges all users to update to version 8.10.36 to address the risk. The company also thanked Robinhood’s team for their responsible disclosure and cooperation, which made prompt protection possible.