Critical 1Password Security Flaw Could Let Hackers Steal Unlock Key
Users of the 1Password password manager application for macOS have been urged to ensure they are using the latest version after hackers discovered a key-stealing flaw.
A 1Password support posting stated that CVE-2024-42219 could enable a “malicious process running locally on a machine to bypass inter-process communication protections” and allow the malicious software in question to “exfiltrate vault items, as well as obtain derived values used to sign in to 1Password, specifically the account unlock key and SRP-𝑥.” SRP refers to the Secure Remote Password protocol, which forms just one part of the multi-layer security protecting access to 1Password vaults. We appreciate that Robinhood’s Red Team disclosed and collaborated closely with us to address these issues ahead of their presentation at DEFCON this Saturday at 2pm PT. The 1Password support posting confirmed that an attacker could abuse missing macOS-specific inter-process validations to impersonate a 1Password browser extension.