Originally published on: August 08, 2024
1Password, a popular password manager, has swiftly patched a vulnerability in its Mac software that could have been exploited by attackers to steal sensitive vault data. The flaw, disclosed on Aug. 6, posed a potential risk to users who store essential crypto assets, such as wallet seed words and private keys, in their 1Password vaults.
The vulnerability, identified by the Robinhood Red team, could have allowed attackers to hijack or impersonate trusted 1Password integrations like the browser extension or command line interface. By exploiting missing macOS-specific inter-process validations, attackers could potentially exfiltrate valuable vault items, putting users at risk of data theft.
To address this security loophole, 1Password released an urgent patch in version 8.10.36 and is urging all users to update their software immediately to fortify their defenses against this potential attack vector. Renowned figures in the crypto community, such as Jameson Lopp, have also highlighted the importance of staying vigilant and raising awareness about such vulnerabilities.
Furthermore, 1Password emphasized its use of the “hardened runtime” feature in MacOS versions 10.0 and above to prevent malicious attacks like code injection and DLL hijacking. While the software attempted to leverage this protective feature, earlier versions lacked essential inter-process validations, making it susceptible to local attacks that could compromise sensitive data like account unlock keys and SRP-x variables.
Fortunately, there is no evidence to suggest that the vulnerability was exploited by attackers, but caution is still advised. Users are encouraged to verify that they are running 1Password version 8.10.36 or later to ensure protection against potential threats.
Storing crypto assets securely is paramount in the face of evolving cyber threats. Past incidents, such as the LastPass breach, serve as a stark reminder of the risks associated with entrusting sensitive information to password managers. By staying informed and proactive, users can safeguard their assets and mitigate the dangers posed by vulnerabilities in security software.