CVE-2024-42219
CVE-2024-42219
In short
1Password 8 on macOS before version 8.10.36 has a security flaw that allows local attackers to steal vault items through improper validation of inter-process communication, putting your stored passwords and sensitive data at risk.
Technical detail
CVE-2024-42219 exploits insufficient XPC inter-process communication validation in 1Password 8 for macOS (before 8.10.36), allowing local attackers to exfiltrate vault items. The attack requires local access to the system and bypasses intended IPC security controls. This results in unauthorized access to encrypted vault contents without requiring the user's master password.
Summary generated and translated by AI from the official description.
1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →