If you are using 1Password, make sure to update it now

in #security3 months ago

padlock-lock-chain-key-39624.jpeg

Password manager 1Password patched a CVE in the MacOS app that could have allowed an attacker to steal hack your private data.

In a disclosure, they posted that they recently addressed two critical vulnerabilities affecting its macOS app, identified as CVE-2024-42219 and CVE-2024-42218. These vulnerabilities could potentially allow attackers to bypass security mechanisms and steal sensitive information from users’ vaults.

The CVE is roughly as follows:

CVE-2024-42219: This vulnerability involves a flaw in inter-process communication protections on macOS. It allows a malicious program running locally on a user’s machine to hijack or impersonate trusted 1Password integrations like the browser extension. This could enable attackers to exfiltrate vault items and potentially access sensitive information such as passwords and login credentials.

CVE-2024-42218: This issue affects older versions of the 1Password application for Mac, where attackers could exploit outdated software to bypass macOS-specific security mechanisms. This could lead to unauthorized access to sensitive data stored in the macOS Keychain.

So far, researchers haven't found any evidence that the vulnerability was actually used by an attacker. For an attack to be executed, the malware developer would have needed to write a program specifically targeting 1Password for MacOs, and they would have needed to trick the user into downloading and running the program.

Sort:  

Congratulations, your post has been upvoted by @upex with a 1.59% upvote. We invite you to continue producing quality content and join our Discord community here. Visit https://botsteem.com to utilize usefull and productive automations #bottosteem #upex

Coin Marketplace

STEEM 0.21
TRX 0.20
JST 0.034
BTC 90827.60
ETH 3116.50
USDT 1.00
SBD 2.97