URL: https://www.helpnetsecurity.com/2024/08/09/cve-2024-42219-cve-2024-42218/
Zeljka Zorz, Editor-in-Chief, Help Net Security
August 9, 2024


CRITICAL 1PASSWORD FLAWS MAY ALLOW HACKERS TO SNATCH YOUR PASSWORDS
(CVE-2024-42219, CVE-2024-42218)



Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version
of the popular 1Password password manager could allow malware to steal secrets
stored in the software’s vaults and obtain the account unlock key, AgileBits has
confirmed.

Discovered by the Robinhood Red Team during a security assessment of 1Password
for Mac and then privately reported to the software’s makers, the
vulnerabilities have been fixed in two consecutive versions of the software:
v8.10.36 (released on July 9) and v8.10.38 (released on August 6).

AgileBits says that they have received no reports that these issues were
discovered or exploited by anyone else.


THE VULNERABILITIES (CVE-2024-42219, CVE-2024-42218)

CVE-2024-42219 enables a malicious process – i.e., malware – running locally on
a machine to bypass inter-process communication protections.

“An attacker is able to misuse missing macOS specific inter-process validations
to hijack or impersonate a trusted 1Password integration such as the 1Password
browser extension or CLI,” the company says.

CVE-2024-42218 may allow attackers to bypass macOS-specific security mechanisms
by using outdated versions of the 1Password for Mac app.

“To exploit the issue, an attacker must run malicious software on a computer
specifically targeting 1Password for Mac. If an attacker is able to load an old
version of 1Password on a user’s computer, they could then access 1Password
associated secrets stored in the macOS Keychain,” the advisory notes.

“This issue leverages out-of-date versions of 1Password that contain
vulnerabilities in 3rd party dependencies and are missing security hardening
measures enabled in all modern versions of 1Password. An attacker can use the
existence of these old versions to create an attack on newer versions of the
apps.”

In both cases, exploitation of the flaw would allow the malware to “exfiltrate
vault items, as well as obtain derived values used to sign in to 1Password,
specifically the account unlock key [AUK] and ‘SRP-‘”.

The vulnerabilities affect only 1Password for Mac.

Users who don’t have the “Install updates automatically” option switched on are
advised to upgrade to the latest version as soon as possible. Those who do have
it on have already had their app upgraded, or will be asked to upgrade the next
time they start it.
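Because CVE-2024-42218 hinges on an old copy of the app being present on the machine, patching the copy in /Applications is only half the job: forgotten copies in Downloads, backups or per-user folders matter too. The following audit is an added example, not code from Help Net Security or AgileBits. It walks the given directories for .app bundles, reads each Info.plist with the standard library, and flags every 1Password bundle below 8.10.38 (the article says the fixes shipped across v8.10.36 and v8.10.38, so anything older is treated as not fully patched). The bundle identifier com.1password.1password and the default search roots are assumptions to adjust for your fleet; the sample directory tree it can build is constructed for demonstration.

```python
"""Audit a macOS host for stale copies of 1Password for Mac (added example)."""
import os
import plistlib
import sys
import tempfile
from pathlib import Path

# ASSUMPTION: bundle identifier of 1Password 8 for Mac and the usual places a
# forgotten copy tends to sit. Adjust both for your environment.
ONEPASSWORD_BUNDLE_ID = "com.1password.1password"
DEFAULT_SEARCH_ROOTS = ["/Applications", "/Users", "/Library/Application Support"]

# From the article: fixes landed in v8.10.36 and v8.10.38, so treat anything
# below 8.10.38 as not fully patched.
MIN_PATCHED_VERSION = "8.10.38"


def parse_version(text):
    """'8.10.38' -> (8, 10, 38). Non-numeric suffixes such as '38-beta' are dropped."""
    parts = []
    for piece in str(text).strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_patched(version_text, minimum=MIN_PATCHED_VERSION):
    """True when version_text is at or above the minimum patched release.
    A truncated version like '8.10' compares below '8.10.38', i.e. stale."""
    return parse_version(version_text) >= parse_version(minimum)


def read_bundle_info(app_path):
    """Return (bundle_id, version) from an .app's Info.plist, or None if unreadable."""
    info = Path(app_path) / "Contents" / "Info.plist"
    try:
        with open(info, "rb") as f:
            plist = plistlib.load(f)
    except (OSError, plistlib.InvalidFileException, ValueError):
        return None
    return plist.get("CFBundleIdentifier"), plist.get("CFBundleShortVersionString")


def find_bundles(search_roots, bundle_id=ONEPASSWORD_BUNDLE_ID, max_depth=6):
    """Return [(path, version)] for every .app under search_roots with bundle_id.
    Bundles are treated as leaves and the walk is depth-limited so that
    scanning /Users stays affordable; unreadable directories are skipped."""
    found = []
    for root in search_roots:
        root = Path(root)
        if not root.is_dir():
            continue
        for dirpath, dirnames, _files in os.walk(root):
            for name in list(dirnames):
                if not name.endswith(".app"):
                    continue
                dirnames.remove(name)  # never descend into a bundle
                info = read_bundle_info(Path(dirpath) / name)
                if info and info[0] == bundle_id:
                    found.append((str(Path(dirpath) / name), info[1] or "unknown"))
            if len(Path(dirpath).relative_to(root).parts) >= max_depth:
                dirnames[:] = []  # prune anything deeper
    return found


def audit(search_roots=DEFAULT_SEARCH_ROOTS):
    """Classify every 1Password bundle found as 'patched' or 'stale'."""
    report = {"patched": [], "stale": []}
    for path, version in find_bundles(search_roots):
        report["patched" if is_patched(version) else "stale"].append((path, version))
    return report


def make_sample_tree():
    """CONSTRUCTED sample for offline runs: a temp dir holding one patched copy,
    one stale copy left in a user's Downloads, and an unrelated app to ignore."""
    root = Path(tempfile.mkdtemp(prefix="onepw-audit-"))
    samples = [
        ("Applications/1Password.app", ONEPASSWORD_BUNDLE_ID, "8.10.38"),
        ("Users/alice/Downloads/old/1Password.app", ONEPASSWORD_BUNDLE_ID, "8.10.34"),
        ("Applications/Other.app", "com.example.other", "8.10.34"),
    ]
    for rel, bid, ver in samples:
        contents = root / rel / "Contents"
        contents.mkdir(parents=True)
        with open(contents / "Info.plist", "wb") as f:
            plistlib.dump({"CFBundleIdentifier": bid, "CFBundleShortVersionString": ver}, f)
    return str(root)


if __name__ == "__main__":
    roots = sys.argv[1:] or DEFAULT_SEARCH_ROOTS
    if roots == ["--demo"]:
        roots = [make_sample_tree()]
    result = audit(roots)
    for path, version in result["stale"]:
        print(f"STALE   {version:<10} {path}")
    for path, version in result["patched"]:
        print(f"patched {version:<10} {path}")
    sys.exit(1 if result["stale"] else 0)
```

Run it with `--demo` to exercise the constructed tree, or pass your own search roots; a non-zero exit when anything stale is found makes it usable as an MDM or CI compliance check. Deleting a stale bundle does not by itself revoke anything, so pairing the audit with the update advice above is what closes the window.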


MORE DETAILS ARE FORTHCOMING

The existence of the vulnerabilities was kept quiet until this week, when the
respective security advisories were published and the software’s release notes
page was updated.

The Robinhood Red Team is also scheduled to present its research at DEF CON
this Saturday, and more details about the flaws will be released after that.
© Copyright 1998-2024 by Help Net Security