PC World's Article about security issue [Resolved with version 8.10.15 and later]

Mork

1Password is mentioned as one of the software programs that could be affected by this "level 10" vulnerability.

The article states: "The vulnerability is related to the open Libwebp library, which numerous programs use. Thus, applications such as Gimp, Libreoffice, Telegram, 1Password, and many others could also become targets of an attack"

Will you have a patch quickly for this or is this not anything to worry about?

Thanks

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Dave_1P

Hello @Mork! 👋

Thank you for the question! We released an update (8.10.15) on September 13th to address this:

• 1Password for Mac Releases
• 1Password for Windows Releases
• 1Password for Linux Releases

You can read more here: Security advisory for 1Password 8 for Mac, Windows and Linux

If you have automatic updates turned on then you're already running the latest version and there's nothing more that you need to do: How to keep 1Password up to date

-Dave

Mork

Thanks Dave.

Was there much danger to my data before 8.0.15?

Dave_1P

@Mork

Thanks for the reply. We have not received reports of this issue being exploited in 1Password.

-Dave

Mork

I’m not sure how people would know the vulnerability had been exploited. It’s a scary time.

Dave_1P

@Mork

Thanks for the reply. There is no indication that 1Password was targeted. And, as noted in the security advisory:

1Password only shows images provided by other users in the account, in the form of icons or avatars. As a result, an attacker needs to share an account with a victim to perform the attack.

Let me know if you have any other questions.

-Dave