1Password security issue – update NOW

An update to one of our favorite apps, 1Password, has been made available using the auto-update feature.

In particular, it is aimed toward users of version 2.9.17. The issue is that if you sync with your iPhone/Touch using wifi, the log file is keeping your passwords available in clear text - I have confirmed this and highly recommend that you update 1Password IMMEDIATELY.

To verify, open the '1Password.log' file located in the path below in a text editor (or QuickView it). Your passwords are clearly visible instead of being encoded. Not good.

Please note: this is absolutely not meant to dissuade you from using 1P, in fact, I am actually heartened that they noticed it so quickly and made a fix available. That's a sign of craftsmanship, folks.

From the release notes:
Important: A potential issue in 2.9.17 could cause secure information to be logged in clear text during Wi-Fi syncing. Because of this issue, it is recommended that you securely delete the ~/Library/Logs/1Password folder after installing this update.

Post Data

• Posted: Jun 4, 2009 by Scott McDaniel
• Tags: 1password, apps, iphone, security
• Short URL: http://bit.ly/Ju1Ll

Related Posts

• 1Password 2.9.19 brings support for Apple’s new Safari 4 browser
• The 10 Mac apps you meet in heaven
• The next big iPhone app: Stalk-Her
• Zerion seeking interesting projects to donate iPhone survey platform
• Readdle celebrates its Second Anniversary