Zero-day attack on Electron framework

Newbie2018

The attached article suggests that the Electron framework, which 1Password uses, was the target of a recent zero-day attack. What should 1P users be aware of regarding the security of their data?

https://arstechnica.com/security/2023/09/incomplete-disclosures-by-apple-and-google-create-huge-blindspot-for-0-day-hunters/

---

1Password Version: 8.10.16
Extension Version: 2.15.1
OS Version: 13.5.2
Browser: Safari

Dave_1P

Hello @Newbie2018! 👋

Thank you for the question! We released an update (8.10.15) on September 13th to address this:

• 1Password for Mac Releases
• 1Password for Windows Releases
• 1Password for Linux Releases

You can read more here: Security advisory for 1Password 8 for Mac, Windows and Linux

I see that you're already running version 8.10.16 so there's nothing more for you to do. 🙂

-Dave

Newbie2018

Thank you, but I guess I didn’t ask my question very well. Were hackers able to access 1P user data BEFORE 1P was updated? If not, why not, and how do you know for certain? Thx.

Dave_1P

@Newbie2018

The following would be the relevant portion of the security advisory in response to your question:

We have not received reports that this issue is exploited in 1Password apps.

-Dave