Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
AutoSpill information
I am looking for 1Password's release about how it will be mitigating our exposure to the AutoSpill vulnerability.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version...
1P_Dave
Moderator
ModeratorHello everyone,
As mentioned by my colleague, a fix for AutoSpill has been identified and is currently being worked on. The fix is designed to enhance our security measures and will be released as soon as possible.
I wanted to quote the following for anyone who might have missed it from earlier in the thread:
It's important to note that 1Password's autofill already requires explicit user action for operation. The update will bolster this security feature by ensuring that only the fields in Android's WebView are autofilled, preventing unintended credential entry into native app fields. It's also important to understand that the AutoSpill issue can only be exploited under very rare and specific conditions - first, if there's a malformed or malicious app installed on the device, and second, if there is intentional interaction to fill in a questionable WebView within that app. Both conditions would need to be true to experience any vulnerability. Our update will mitigate these risks even further.
I've made a note to update this thread as soon as I'm able to share more.
-Dave
