Users of the popular password management application 1Password are advised to update the app, as the app’s developer has patched a critical security flaw in its software that could give attackers access to users’ unlock keys and credentials.
In a security post, 1Password revealed the exact details of the flaw, and which application versions are susceptible to attacks.
About the issue
An issue has been identified in 1Password for Mac that affects the app’s platform security protections. This issue enables a malicious process running locally on a machine to bypass inter-process communication protections.
This issue was responsibly disclosed to us by Robinhood’s Red Team after they chose to conduct an independent security assessment of 1Password for Mac. 1Password has received no reports that this issue was discovered or exploited by anyone else.
Who is affected
This issue affects all 1Password 8 for Mac versions before 8.10.36 (July 2024). The issue is resolved in 1Password for Mac version 8.10.36 (July 2024).
Happily, there is no evidence that the exploit has been used in the wild. The issue was discovered during an independent security assessment of the app by the Red Robinhood team, after which it was reported to 1Password.
The security flaw can be easily fixed by updating the 1Password application to version 8.10.36, which is now available.
To check your version of 1Password, do the following:
- Open 1Password on your Mac.
- Select 1Password from the menu bar.
- Click on About 1Password.
- Look at the version number. If it’s not at least 8.10.36, click Check for Updates to download and install the latest version.