1Password Vulnerability Let Attackers Exfiltrate Vault Items
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A critical vulnerability, designated as CVE-2024-42219, has been identified in 1Password 8 for Mac. This flaw allows malicious actors to exfiltrate vault items by bypassing the app’s platform security protections.
Robinhood’s Red Team responsibly disclosed the issue following an independent security assessment of 1Password for Mac.
CVE-2024-42219 – The Vulnerability
The vulnerability affects the inter-process communication (IPC) protections of 1Password for Mac. Specifically, a malicious process running locally on a machine can exploit this flaw to bypass IPC protections.
This would enable an attacker to hijack or impersonate trusted 1Password integrations, such as the 1Password browser extension or Command Line Interface (CLI).
Who is Affected
This vulnerability affects all versions of 1Password 8 for Mac before version 8.10.36 (released in July 2024). Users running these versions risk having their vault items exfiltrated by malicious software.
To mitigate this risk, users of affected versions are strongly advised to update to the latest version, 1Password for Mac 8.10.36. The updated version includes necessary patches to address the security flaw.
Impact and Exploitability
To exploit this vulnerability, an attacker must run malicious software on a target computer designed to exploit 1Password for Mac. The attacker can misuse missing macOS-specific inter-process validations to hijack or impersonate a trusted 1Password integration.
This could allow the exfiltration of vault items and the acquisition of derived values used to sign in to 1Password, including the account unlock key and “SRP-𝑥”.
1Password utilizes the system-native XPC interface for inter-process communication on macOS. XPC enforces additional protections through the hardened runtime, which prevents specific local attacks by ensuring processes have protections against tampering.
This vulnerability resulted from missing inter-process validations, which have now been addressed in the latest update. 1Password has expressed gratitude to Robinhood’s Red Team for their responsible disclosure, which has enabled the company to protect its customers proactively.
The company has confirmed that there have been no reports of this issue being discovered or exploited by anyone else.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
1Password Vulnerability Let Attackers Exfiltrate Vault Items
Author: DhivyaA critical vulnerability, designated as CVE-2024-42219, has been identified in 1Password 8 for Mac. This flaw allows malicious actors to exfiltrate vault items by bypassing the app’s platform security protections.
Robinhood’s Red Team responsibly disclosed the issue following an independent security assessment of 1Password for Mac.
CVE-2024-42219 – The Vulnerability
The vulnerability affects the inter-process communication (IPC) protections of 1Password for Mac. Specifically, a malicious process running locally on a machine can exploit this flaw to bypass IPC protections.
This would enable an attacker to hijack or impersonate trusted 1Password integrations, such as the 1Password browser extension or Command Line Interface (CLI).
Who is Affected
This vulnerability affects all versions of 1Password 8 for Mac before version 8.10.36 (released in July 2024). Users running these versions risk having their vault items exfiltrated by malicious software.
To mitigate this risk, users of affected versions are strongly advised to update to the latest version, 1Password for Mac 8.10.36. The updated version includes necessary patches to address the security flaw.
Impact and Exploitability
To exploit this vulnerability, an attacker must run malicious software on a target computer designed to exploit 1Password for Mac. The attacker can misuse missing macOS-specific inter-process validations to hijack or impersonate a trusted 1Password integration.
This could allow the exfiltration of vault items and the acquisition of derived values used to sign in to 1Password, including the account unlock key and “SRP-𝑥”.
1Password utilizes the system-native XPC interface for inter-process communication on macOS. XPC enforces additional protections through the hardened runtime, which prevents specific local attacks by ensuring processes have protections against tampering.
This vulnerability resulted from missing inter-process validations, which have now been addressed in the latest update. 1Password has expressed gratitude to Robinhood’s Red Team for their responsible disclosure, which has enabled the company to protect its customers proactively.
The company has confirmed that there have been no reports of this issue being discovered or exploited by anyone else.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
