|
|
|
|
|
|
by PikachuEXE
676 days ago
|
|
|
Yup, also MacOS only > The security vulnerability was found within 1Password for macOS and targets users of all 1Password 8 for Mac versions before 8.10.36. To exploit this vulnerability, an attacker would have to specifically target 1Password for Mac users and convince them to run malicious software on their computer. An attacker could, the 1Password support posting confirmed, abuse missing macOS-specific inter-process validations in order to impersonate a 1Password browser extension. > The macOS XNU (macOS kernel) inter-process communication framework is system-native and used by 1Password to enforce ‘hardened runtime’ protections that should prevent tampering with such processes and, therefore, prevent certain types of local attacks from taking place. The Robinhood Red Team hackers found a way around this protection during an independent security assessment of 1Password for Mac. |
|
|