1Password recently patched a critical vulnerability in its Mac version that could have allowed attackers to steal vault items by bypassing inter-process communication (IPC) protections. The flaw, identified as CVE-2024-42219, affected all versions of 1Password 8 for Mac prior to version 8.10.36. If exploited, the vulnerability could have enabled a malicious process to impersonate trusted 1Password integrations, such as the browser extension or command line interface, leading to the exfiltration of sensitive data, including account unlock keys and vault items.The vulnerability was discovered by the Robin Hood Red Team during an independent security assessment. Although there is no evidence that the flaw was exploited in the wild, 1Password has urged all users to update to version 8.10.36 or later to secure their data. This update includes the necessary patches to address the missing IPC validations and reinforce the app's platform security​.