AgileBits · 1Password for Mac · CVE-2021-41795
**Name of the Vulnerable Software and Affected Versions**
1Password for Mac versions 7.7.0 through 7.8.x before 7.8.7
**Description**
The Safari app extension bundled with 1Password for Mac is vulnerable to authorization bypass. A malicious web page could read a subset of 1Password vault items, including usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items, by targeting a vulnerable component of this extension. These items are accessible when 1Password is unlocked, and no further user interaction is required.
**Recommendations**
Update 1Password for Mac versions 7.7.0 through 7.8.x before 7.8.7 to version 7.8.7 or later to resolve the issue. As a temporary workaround until the update is installed, consider disabling the Safari app extension. Restrict access to sensitive vault items to minimize the risk of exploitation. Avoid using the 1Password extension on untrusted web pages until the issue is resolved.