1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.
References
Link | Resource |
---|---|
https://support.1password.com/kb/202204/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-05-09T18:34:50
Updated: 2022-05-09T18:34:50
Reserved: 2022-04-27T00:00:00
Link: CVE-2022-29868
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-09T19:15:07.933
Modified: 2022-05-18T16:45:36.750
Link: CVE-2022-29868
JSON object: View
Redhat Information
No data.
CWE