Critical security flaw found in 1Password 8 for Mac; users urged to update immediately
A critical security vulnerability has been identified in 1Password 8 for Mac, potentially compromising user credentials and account unlock keys. The flaw allows attackers to bypass inter-process communication protections, posing a significant risk to user data.
The vulnerability affects all versions of 1Password 8 for Mac prior to version 8.10.36, released in July 2024. The flaw enables malicious local processes to bypass specific macOS inter-process validations, potentially hijacking or impersonating trusted 1Password integrations like the browser extension or CLI. This could result in the exfiltration of vault items and the acquisition of derived values used for signing in, including the account unlock key and “SRP-𝑥.”
Users are strongly advised to update to version 8.10.36 or later to secure their accounts.