Beta build update for CVE-2024-42218?

Question

It doesn't look like a new Beta build was released for CVE-2024-42218. Can you confirm if the Beta audience has been left vulnerable, or whether it was silently patched in?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

1p_dave · Answer

Thanks again for the question. 🙂

-Dave

1p_dave · Answer

Hello kop48! 👋

As long as you are on version 8.10.38 (August) or later, you have all available fixes.

You can follow this guide to find the version number of 1Password on your device. If you are not running version 8.10.38 or higher, you can learn how to keep 1Password updated here.

The team is looking into updating the release notes for the beta version to include mention of the relevant CVEs.

-Dave

kop48 · Answer

Thanks for clarifying! My concern was more about the Beta audience being 0day'ed by the Production branch. Would be good to see simultaneous CVE disclosure across both branches. :)

Forum Discussion

Beta build update for CVE-2024-42218?

Recent Discussions

Experiment #7 - Anti-Peek Mode

A secure note has disappeared

Pre-populated login field issues

Please add an option for hiding the contents of categories

No longer able to access 1Password Passkey Beta