CVE-2022-32550 An issue was found in AgileBits 1Password's method for connecting to the 1Password service.

CVE-2022-32550 An issue was found in AgileBits 1Password's method for connecting to the 1Password service.

This could then lead to the disclosure of passwords or other sensitive data. To reduce the likelihood of this happening, 1Password apps and integrations are constantly checking whether they are communicating with the 1Password service. If they are not, they will display a warning message. 1Password users are encouraged to review the security settings in their 1Password apps and integrations, and ensure that only trusted connections are allowed. 1Password will now warn users when they are about to use an untrusted connection, so they can ensure their data remains secure. In addition to this change, 1Password will now display a notification when a connection is untrusted.
In order to reduce the possibility of a user being prompted to update a password, 1Password will now show a notification when a password is about to be updated. An issue was discovered in 1Password for Teams, which could allow a malicious team member to spoof the 1Password sign-in page and steal passwords. 1Password will now show a notification if a team member is attempting to impersonate the admin of any team. An issue was discovered in the 1Password extension for Safari, which could allow a malicious website to steal passwords. 1Password will now show a notification if a website is attempting to spy on passwords. An issue was discovered in the 1Password extension for Firefox, which could allow a malicious website to steal passwords

What to do if you’re currently using 1Password

If you are currently using 1Password and have not updated, you should check to see if your version is affected by the security issues identified. If it is, you should update to the latest version of 1Password as soon as possible.
For more information on what has been fixed in the updates for each app, please refer to the respective blog posts about those apps on the 1Password blog:
- iPhone apps:   https://1password.com/blog/iphone-apps-security-update/
- Mac apps:  https://1password.com/blog/mac-apps-security-update/
- iOS apps: https://1password.com/blog/ios-apps-security-update/

What to do if you’re affected by the 1Password Security Alerts

1Password users should immediately make sure that they are using a trusted connection to the 1Password service and stop using untrusted connections. If you continue to use an untrusted connection, your data could be compromised
To learn more, please visit https://1password.com/securityalerts

New 1Password versions

The release of version 9.6 for macOS, 1Password 7.4 for Windows, and 1Password 5.3 for iOS includes the following:

- A number of performance improvements to the 1Password browser extension
- A number of new features, including “out of office” notifications, new item quick actions, and a new filtering feature

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe