August 8, 2024 at 09:49AM
1Password for Mac versions prior to 8.10.36 are susceptible to a bug that allows attackers to steal vault items. 1Password Vaults securely manage passwords for various accounts and can be shared. Around 150,000 businesses and numerous individual consumers rely on 1Password. To address the vulnerability, users must update to version 8.10.36.
1Password has identified a vulnerability affecting Mac users running versions before 8.10.36. This vulnerability could allow attackers to steal vault items. 1Password Vaults are sub-managers within the main app that let users separate passwords for different purposes.
Around 150,000 businesses and millions of individual consumers use 1Password, making it difficult to determine exactly how many are affected. The vulnerability is tracked as CVE-2024-42219 (CVSS 7.0), and although there is currently no evidence of exploitation, the risk increases now that it’s public.
To exploit the issue, an attacker would need to install specific software targeting 1Password for Mac. The company hasn’t provided mitigations, so users should update to version 8.10.36. The vulnerability was discovered by the security team at Robinhood after probing 1Password, and the team was thanked for the discovery.