1Password, a widely trusted password manager, recently patched a critical vulnerability in its Mac version that could have allowed attackers to steal sensitive vault data. Discovered by Robinhood’s Red Team, this flaw was disclosed on August 6, 2024.
The vulnerability specifically affected versions of 1Password for Mac prior to 8.10.36, leaving users at risk if they hadn’t yet updated their software. The issue exploited a lack of inter-process validations, which could be used by an attacker to impersonate trusted integrations like the 1Password browser extension or command-line interface. This impersonation could allow malicious software to exfiltrate vault items, including crucial data like account unlock keys and SRP-x values, necessary for accessing a user’s secure vault. As explained by 1Password in its latest blog post:
To exploit the issue, an attacker must run malicious software on a computer specifically targeting 1Password for Mac. An attacker is able to misuse missing macOS specific inter-process validations to hijack or impersonate a trusted 1Password integration such as the 1Password browser extension or CLI.
This would permit the malicious software to exfiltrate vault items, as well as obtain derived values used to sign in to 1Password, specifically the account unlock key and “SRP-𝑥”.
The flaw was severe because many cryptocurrency users rely on 1Password to store vital information such as wallet seed words, private keys, and exchange passwords. If successfully exploited, the vulnerability could have allowed attackers to gain access to these sensitive items, although they would first need to trick users into installing malware on their devices. Fortunately, no evidence suggests that this exploit was used in the wild, and 1Password acted swiftly to address the issue by releasing version 8.10.36, which effectively neutralizes the threat.
This issue affects all 1Password 8 for Mac versions before 8.10.36 (July 2024). The issue is resolved in 1Password for Mac version 8.10.36 (July 2024).
The vulnerability centered around the bypassing of macOS’s hardened runtime protections, a feature designed to prevent various local attacks. Earlier versions of 1Password for Mac lacked the necessary inter-process validations to fully leverage this protection, creating a potential entry point for attackers.
By updating to version 8.10.36, users can ensure that their vaults are protected from this specific attack vector.
Read more:
- PSA: Apple to patch major 0.0.0.0 vulnerability in Safari 18
- PSA: New Mac malware steals passwords, crypto, and more via malicious apps
- PSA: Fake Apple texts threaten iPhones! Here’s how to secure your Apple ID
- PSA: New phishing “MFA Bombing,” attack targets Apple IDs
- PSA: Apple Silicon chips vulnerable to encryption key theft
