Apple’s new Passwords app is coming as part of iOS 18, iPadOS 18 and macOS Sequoia, and in our testing we found it to be a little behind 1Password’s offering.
In a cruel twist, however, 1Password has revealed its Mac app, 1Password 8, has a security vulnerability that could, if triggered, allow a bad actor to get to a user’s account key.
Given that the key is the literal 1Password behind which your others are stored, it’s important to update to the latest version, 8.10.36. It can also allow for items to be removed from your 1Password Vault.
In a blog post, the company said:
“An issue has been identified in 1Password for Mac that affects the app’s platform security protections. This issue enables a malicious process running locally on a machine to bypass inter-process communication protections.”
“This issue was responsibly disclosed to us by Robinhood’s Red Team after they chose to conduct an independent security assessment of 1Password for Mac. 1Password has received no reports that this issue was discovered or exploited by anyone else.”
How to ensure your 1Password Mac app is updated
While 1Password seems to be unaware of anyone attempting to gain access using this ‘malicious process’, you can make sure you’re safe with relative ease using the steps below:
- Open 1Password 8 for Mac
- In the menu bar, click 1Password, then ‘Check for Updates’
- In the settings screen, click ‘Check for Updates’ to ensure you’re running the latest version
Thankfully, the fix is already there, but this arguably couldn’t have landed at a worse time for the company – although its admission of the issue is certainly appreciated for users (myself included).
Still, with Apple’s Passwords app on the horizon, it remains to be seen if users will drop 1Password for the baked-in (and free) option.