Beta build update for CVE-2024-42218?

kop48
kop48
Community Member
in Desktop betas (Mac, Windows, and Linux)

It doesn't look like a new Beta build was released for CVE-2024-42218. Can you confirm if the Beta audience has been left vulnerable, or whether it was silently patched in?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Dave_1P
    Dave_1P

    Hello @kop48! 👋

    As long as you are on version 8.10.38 (August) or later, you have all available fixes.

    You can follow this guide to find the version number of 1Password on your device. If you are not running version 8.10.38 or higher, you can learn how to keep 1Password updated here.

    The team is looking into updating the release notes for the beta version to include mention of the relevant CVEs.

    -Dave

  • kop48
    kop48
    Community Member

    Thanks for clarifying! My concern was more about the Beta audience being 0day'ed by the Production branch. Would be good to see simultaneous CVE disclosure across both branches. :)

  • Dave_1P
    Dave_1P

    Thanks again for the question. 🙂

    -Dave