1Password 8 8.10.36 XPC IPC Validation Bypass for Local Exfiltration
CVE-2024-42219 Published on August 6, 2024
1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient.
Vulnerability Analysis
CVE-2024-42219 can be exploited with local system access and requires a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Validation of Unsafe Equivalence in Input
The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.
Products Associated with CVE-2024-42219
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.