1Password Updates macOS App to Fix Vulnerabilities CVE-2024-42218 and CVE-2024-42219
1Password, a leading password manager, has released security updates to address two vulnerabilities (CVE-2024-42218 and CVE-2024-42219) discovered in its macOS app. These vulnerabilities could potentially allow attackers to bypass security mechanisms and steal sensitive information, including vault items and login credentials.
Vulnerability Details
- CVE-2024-42218: This vulnerability affects all 1Password 8 for Mac versions prior to 8.10.38 (August 2024). It allows attackers to exploit outdated versions of the app to circumvent macOS-specific security measures, potentially leading to the theft of sensitive data stored in the macOS Keychain.
- CVE-2024-42219: This vulnerability, impacting all 1Password 8 for Mac versions before 8.10.36 (July 2024), enables malicious processes running locally on a machine to bypass inter-process communication protections. Attackers could exploit this flaw to hijack or impersonate trusted 1Password integrations, such as the browser extension or CLI, to exfiltrate vault items and login credentials.
Impact and Exploitation
While both vulnerabilities require attackers to run malicious software on a targeted computer, the potential impact is significant. Successful exploitation could result in the unauthorized access and theft of sensitive data stored within 1Password, including passwords, financial information, and personal identification details.
Mitigation
1Password has promptly addressed these vulnerabilities in the latest versions of its macOS app. Users are strongly advised to update to 1Password for Mac version 8.10.38 (August 2024) or later to ensure their sensitive information remains protected.
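To check a fleet against the two fixed versions named above, the following added example (not 1Password's code) classifies reported 1Password 8 for Mac versions by which CVE they are still exposed to. The inventory format, hostnames and function names are assumptions; versions are compared numerically so that a build such as 8.9.14 is not mistaken for being newer than 8.10.36.

```python
import re

# Fixed-version thresholds taken from the advisory text above.
FIXED_IN = {
    "CVE-2024-42219": (8, 10, 36),
    "CVE-2024-42218": (8, 10, 38),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch), or None if no dotted triplet is present."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def exposed_cves(version_text):
    """List the CVEs a 1Password 8 for Mac build is still exposed to.

    Returns None when the version cannot be parsed or is not a 1Password 8
    build, because the advisory only describes 1Password 8 for Mac.
    """
    v = parse_version(version_text)
    if v is None or v[0] != 8:
        return None
    # Tuple comparison is numeric per component, unlike string comparison.
    return sorted(cve for cve, fixed in FIXED_IN.items() if v < fixed)


def audit(inventory):
    """Map hostname -> list of open CVEs, or a marker for manual review."""
    report = {}
    for host, version_text in inventory.items():
        cves = exposed_cves(version_text)
        report[host] = "needs manual review" if cves is None else cves
    return report


# Constructed sample inventory (hypothetical hostnames and reported versions).
SAMPLE_INVENTORY = {
    "mac-001": "8.10.34",
    "mac-002": "8.10.36",
    "mac-003": "8.10.38",
    "mac-004": "8.9.14",
    "mac-005": "unknown",
}

if __name__ == "__main__":
    for host, result in audit(SAMPLE_INVENTORY).items():
        print(host, result)
```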