Critical vulnerability of 1Password Mac and how to fix it
1Password is one of the most popular password managers in the world. Apple’s OS X has the Keychain Access app for certificates, keys, account information, and passwords, but not everyone likes it, hence the third-party products with similar features. 1Password, for example, boasts over 6 million users worldwide as of this writing, and there are other password management programs such as KeePass, Kaspersky Password Manager, and Bitwarden (you’ll find links to pages where you can download this software at the end of this post).
The popularity of alternative software for storing sensitive data means that vulnerabilities in such programs are of critical importance, and when they are reported by the developers themselves, that is the best scenario for everyone. AgileBits, the company behind 1Password, understands this perfectly; on August 6, 2024, they published a post on their blog describing a vulnerability and suggesting a remedy for it.
1Password 8 vulnerability
Designated as CVE-2024-42219, it allows attackers to exfiltrate vault items without triggering the app's security protections. This flaw is found in all versions prior to 8.10.36; it was discovered by Robinhood's security team during an assessment of the software.
Important: currently, there’s no evidence that this vulnerability has been exploited in the wild, but its public disclosure increases the risk of potential attacks, so the first thing you need to do upon hearing the news is update your 1Password 8 for Mac. AgileBits claims to have patched everything already and released the next version, devoid of the reported flaw. To simplify this process and to keep all your programs updated (and secure!), install the Mac Informer automated updater (free, no strings attached, no ads).
Should you wish to switch to a different password manager for Mac…
Even with AgileBits honestly reporting a critical flaw in their software, you may feel inclined to switch to a different program that does the same as 1Password. We’ve got you covered; here are 3 possible replacements:
1. KeePassX, one of the most popular password and account data managers in the world; totally free.
2. Kaspersky Password Manager, a specialized program for keeping sensitive bits of data in a secure environment from one of the leading cybersecurity companies on the planet.
Download Kaspersky Password Manager for Mac
3. Bitwarden, a perfect solution when you need to not only store passwords and other credentials securely, but also share them.