• 1Password urges Mac users to patch now to avoid having their data

    From TechnologyDaily@1337:1/100 to All on Fri Aug 9 16:15:04 2024
    1Password urges Mac users to patch now to avoid having their data stolen

    Date:
    Fri, 09 Aug 2024 15:59:55 +0000

    Description:
    This 1Password vulnerability could expose your vaults to theft, so patch now

    FULL STORY ======================================================================

    1Password, one of the best password managers around right now, has urged Mac users to download a patch for their credential storage after a bug was discovered that allows attackers to crack open vaults.

    1Password allows users to create password vaults within the app, for example to keep work credentials separate from personal ones.

    But this vulnerability, tracked as CVE-2024-42219 with a CVSS of 7.0, could
    be exploited by attackers to steal entire vaults of passwords from macOS
    users running 1Password version 8.10.36.

    Cracking the vault

    The flaw was discovered by security teams from Robinhood, who decided to test the 1Password app for vulnerabilities. Specifically, the National Vulnerability Database describes the flaw as allowing local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient.

    In an advisory, the company stated, "To exploit the issue, an attacker must run malicious software on a computer specifically targeting 1Password for
    Mac. An attacker is able to misuse missing macOS-specific inter-process validations to hijack or impersonate a trusted 1Password integration such as the 1Password browser extension or CLI.

    "This would permit the malicious software to exfiltrate vault items, as well
    as obtain derived values used to sign in to 1Password, specifically the account unlock key and SRP-."

    The only way to exploit this flaw is for an attacker to trick the user into installing a custom-made program on the target machine, but so far there is no evidence that this has been done in the wild.

    1Password states that around 150,000 businesses rely on 1Password to store important credentials, but it is unclear how many of these use macOS devices. Windows users are not affected by this vulnerability.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/1password-urges-mac-users-to-patch-now-to-avoid-having-their-data-stolen


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)