1Password security flaw might make iOS 18's Passwords app even more enticing

Passwords
(Image credit: Apple)

Apple's new Passwords app is coming as part of iOS 18, iPadOS 18 and macOS Sequoia, and in our testing we found it to be a little behind 1Password's offering.

In a cruel twist, however, 1Password has revealed its Mac app, 1Password 8, has a security vulnerability that could, if triggered, allow a bad actor to get to a user's account key.

Given that the key is the literal 1Password behind which your others are stored, it's important to update to the latest version, 8.10.36. It can also allow for items to be removed from your 1Password Vault.

In a blog post, the company said:

"An issue has been identified in 1Password for Mac that affects the app’s platform security protections. This issue enables a malicious process running locally on a machine to bypass inter-process communication protections."

"This issue was responsibly disclosed to us by Robinhood’s Red Team after they chose to conduct an independent security assessment of 1Password for Mac. 1Password has received no reports that this issue was discovered or exploited by anyone else."

How to ensure your 1Password Mac app is updated

While 1Password seems to be unaware of anyone attempting to gain access using this 'malicious process', you can make sure you're safe with relative ease using the steps below:

  • Open 1Password 8 for Mac
  • In the menu bar, click 1Password, then 'Check for Updates'
  • In the settings screen, click 'Check for Updates' to ensure you're running the latest version

Thankfully, the fix is already there, but this arguably couldn't have landed at a worse time for the company - although its admission of the issue is certainly appreciated for users (myself included).

Still, with Apple's Passwords app on the horizon, it remains to be seen if users will drop 1Password for the baked-in (and free) option.

More from iMore

TOPICS
Lloyd Coombes
Contributor

Lloyd Coombes is a freelance writer with a specialism in Apple tech. From his first, hand-me-down iMac, he’s been working with Apple products for over a decade, and while he loves his iPhone and Mac, the iPad will always have his heart for reasons he still can’t quite fathom. Since moving from blogging to writing professionally, Lloyd’s work can be found at TechRadar, Macworld, TechAdvisor and plenty more. He’s also the Editor in Chief at GGRecon.com, and on the rare occasion he’s not writing you’ll find him spending time with his son, or working hard at the gym (while wearing an Apple Watch, naturally). You can find him on Twitter @lloydcoombes.