1Password fixes macOS flaw allowing attacker to steal vault items
Password manager 1Password is warning all Mac users running versions before 8.9.10 to update immediately after a critical flaw was discovered that could allow attackers to exfiltrate encrypted vault items.
The company said an attacker with access to your Mac and network could exploit the flaw, tracked as CVE-2024-42219, to gain access to your 1Password vault without needing to know your Master Password.
1Password also addressed a separate, less-severe flaw, tracked as CVE-2024-42218, which could allow an attacker to access your unlocked vault if they had physical access to your Mac.
Both vulnerabilities require an attacker to have access to your Mac and network, so you should only be at risk if your Mac is compromised or if you're using a 1Password app or integration in an environment with a compromised network connection.
If you have any concerns that your Mac or network may have been compromised, 1Password recommends you change your Master Password immediately.
Comments