Apple’s new Passwords app will be released as part of iOS 18, iPadOS 18, and macOS Sequoia. In our testing, we found that it lags slightly behind 1Password’s offering.
However, in a cruel twist, 1Password has revealed that its Mac app 1Password 8 has a security flaw that could allow a malicious actor to obtain a user’s account key if triggered.
Because the key is the literally 1Password, behind which your others are stored, it is important to update to the latest version, 8.10.36. This may also remove items from your 1Password vault.
In a blog post, the company stated:
“An issue has been identified in 1Password for Mac that compromises the app’s platform security protections. This issue allows a malicious process running locally on a computer to bypass inter-process communication protections.”
“This issue was responsibly reported to us by Robinhood’s Red Team after they decided to conduct an independent security assessment of 1Password for Mac. 1Password has not received any reports that this issue has been discovered or exploited by anyone else.”
How to make sure your 1Password Mac app is updated
Although 1Password appears to have no knowledge of anyone attempting to gain access using this “malicious process,” you can keep yourself relatively safe by following these steps:
- Open 1Password 8 for Mac
- Click 1Password in the menu bar, then click Check for Updates.
- Click Check for updates on the Settings screen to make sure you are using the latest version
Thankfully, there is already a solution, but the timing couldn’t have been worse for the company – although users (including me) certainly appreciate the acknowledgement of the problem.
However, with Apple’s Passwords app just around the corner, it remains to be seen whether users will abandon 1Password in favor of the built-in (and free) option.