{"id":26181,"date":"2024-08-09T12:06:08","date_gmt":"2024-08-09T12:06:08","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=26181"},"modified":"2024-08-09T12:06:08","modified_gmt":"2024-08-09T12:06:08","slug":"1password-vulnerability-macos","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/1password-vulnerability-macos\/","title":{"rendered":"1Password Vulnerability for macOS Causes Credentials Leak"},"content":{"rendered":"<p><strong>A critical vulnerability was discovered in 1Password<\/strong> that allows attackers to steal vault items by bypassing the app\u2019s security measures. It affects only the macOS version of the program, and touches every single version of the app. A patch is now available, and users are strongly advised to update as soon as possible.<\/p>\n<h2>1Password Vulnerability Lets Attackers Exfiltrate Vault Items<\/h2>\n<p>1Password developers <a href=\"https:\/\/support.1password.com\/kb\/202408a\/\" rel=\"noopener noreferrer nofollow\" target=\"_blank\">reported a critical vulnerability<\/a> found in the Mac version of the app. This vulnerability, identified as <strong>CVE-2024-42219<\/strong>, was discovered by Robinhood\u2019s Red Team during an independent security assessment of 1Password for Mac. It allows a malicious process running locally on a computer to bypass protections for inter-process communication. This issue affects all app versions <strong>up to 8.10.36<\/strong>.<\/p>\n<div class=\"su-quote su-quote-style-default su-quote-has-cite\"><div class=\"su-quote-inner su-u-clearfix su-u-trim\">On macOS, 1Password uses the system-native XPC interface for inter-process communication. XPC allows enforcing additional protections called the hardened runtime which allows enforcing processes you communicate with have additional protections from process tampering. 
This prevents certain local attacks from being possible.<span class=\"su-quote-cite\">1Password Support<\/span><\/div><\/div>\n<p>Vulnerabilities in password managers are always a major headache for both developers and users. The recent events <a href=\"https:\/\/gridinsoft.com\/blogs\/last-pass-breach-updates\/\">around the LastPass password manager<\/a>, which led to a huge leak of login credentials, are a perfect example of what may happen if such a case is not managed properly. <strong>Fortunately, 1Password acknowledged the issue<\/strong> well before hackers started exploiting it in real-world attacks.<\/p>\n<h2>Technical Details<\/h2>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-42219\" rel=\"noopener noreferrer nofollow\" target=\"_blank\">The CVE-2024-42219 vulnerability<\/a> is related to bypassing inter-process communication (IPC) protections in 1Password for Mac across all versions up to 8.10.36. If a malicious process is running locally on the computer, it can circumvent these protections. This allows attackers to steal vault items and obtain credentials necessary for logging into 1Password, such as the account unlock key and SRP-\ud835\udc65 (Secure Remote Password) values. 1Password Vaults are secure containers for storing and organizing items, allowing users to share specific information with selected individuals. Essentially, they are mini password managers within the main application.<\/p>\n<p>However, certain conditions are required <a href=\"https:\/\/gridinsoft.com\/exploits\">to exploit this vulnerability<\/a>: the attacker needs <strong>to convince the user to execute malicious software<\/strong> on their computer. During the attack, the absence of specific macOS checks for inter-process communication can be exploited. This allows the attacker to spoof or hijack trusted 1Password integrations, such as the browser extension or command-line interface. 
Fortunately, there have been no reports of this vulnerability being exploited in the wild.<\/p>\n<h2>1Password\u2019s Response<\/h2>\n<p>1Password promptly released an update to patch <a href=\"https:\/\/gridinsoft.com\/vulnerability\">this vulnerability<\/a> as soon as they were notified. Details about the issue were disclosed on relevant news platforms after the patch was released, which upset some users who expected to see it in the changelog. However, it\u2019s clear that the company maintained informational silence to ensure user safety.<\/p>\n<p>1Password strongly recommends that all users <strong>update their app to version 8.10.36<\/strong> as soon as possible to mitigate potential risks. The company also expressed gratitude to Robinhood&#8217;s team for responsibly disclosing the vulnerability and for their close collaboration, which ensured timely protection for users.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A critical vulnerability was discovered in 1Password that allows attackers to steal vault items by bypassing the app\u2019s security measures. It affects only the macOS version of the program, and touches every single version of the app. A patch is now available, and users are strongly advised to update as soon as possible. 
1Password Vulnerability [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":26190,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[15],"tags":[619,75,374],"class_list":{"0":"post-26181","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security-news","8":"tag-cybersecurity","9":"tag-passwords","10":"tag-vulnerability"},"featured_image_src":"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/08\/1Password-Vulnerability.webp","author_info":{"display_name":"Stephanie Adlam","author_link":"https:\/\/gridinsoft.com\/blogs\/author\/adlam\/"},"_links":{"self":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/26181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/comments?post=26181"}],"version-history":[{"count":10,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/26181\/revisions"}],"predecessor-version":[{"id":26193,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/26181\/revisions\/26193"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media\/26190"}],"wp:attachment":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media?parent=26181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/categories?post=26181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/tags?post=26181"
}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}