CVE-2018-13042

Name of the Vulnerable Software and Affected Versions 1Password application version 6.8 for Android

Description The issue allows an external application to crash the 1Password instance by starting certain activities. Specifically, this can be done by starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity, as they are exported.

Recommendations For 1Password application version 6.8 for Android, consider restricting access to the com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity and com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity activities to prevent external applications from crashing the 1Password instance. At the moment, there is no information about a newer version that contains a fix for this vulnerability.