iOS 1Password Browser and FreakFlaw [iOS 8.2 & OS X Security Update 2015-002 patch flaw]

mlaurencg4
mlaurencg4
Community Member
edited March 2015 in iOS

According to Freakattack.com, the iOS 1Password browser is vulnerable to the FreakFlaw.

Comments

  • Jasper
    Jasper

    Hi @mlaurencg4,

    The issue in 1Browser is based on Apple-provided code and will be patched when Apple patches iOS.

  • mlaurencg4
    mlaurencg4
    Community Member

    Thanks for that update.

  • iZian
    iZian
    Community Member

    Can't 1Password implement this for safety?
    Chrome browser on iOS is safe. So it must be possible to override / implement.
    Do you want to be beholden to Apple's security patches?

  • mlaurencg4
    mlaurencg4
    Community Member

    Good point - I'm currently having to copy and paste my transactions through Chrome. Can't wait to move back to my 1P browser.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    With Apple stating that they're issuing a fix this coming week and the fact that all app updates have to be reviewed by Apple I can't see how we or any outside developer could push an update out before Apple does. As I'm not a developer I don't know why Google Chrome for iOS isn't vulnerable but as their last update was the 17th of February I know that they haven't pushed a fix to do so.

    Obviously when Apple release this security fix it is strongly advised to download and install immediately.

  • iZian
    iZian
    Community Member

    I'm not familiar with the turnaround on app update approvals, but that's a separate stack from iOS OTA updates.
    My point was, you could be more independent like Google has obviously been with Chrome. Different security / TLS implementation of what not.
    Chrome hasn't been vulnerable to this since like forever; because they didn't support the type of RSA export.
    There's evidently a precedent for having your own security implementation, and that might be a huge plus factor for an app like this!

  • danco
    danco
    Volunteer Moderator

    Compare the sizes of the two companies. And the fact that Google regard Chrome as a major plus point. Whereas Agile really developed their browser because it was not possible previously to simply let Safari on iOS get passwords direct from 1PW. Now there is the extension mechanism, I don't think major development of the browser will be, or should be, a priority.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Please note that yesterday Apple released iOS 8.2 and Security Update 2015-002. These updates patch the FREAK vulnerability for iOS and OS X which includes 1Browser.

    We strongly recommend you install where applicable.

This discussion has been closed.