The makers of 1Password have gone into detail about how the unauthorized cross-resource attack affects their app.
It’s a compelling read for anyone interested in the recently disclosed XARA group of exploits. Specifically, AgileBits explains how this XARA exploit can be used to sniff data from WebSockets, and how difficult it is to guard against the attack. Jeffrey Goldberg, writing on the AgileBits blog:
The threat is that a malicious Mac app can pretend to be 1Password mini as far as the 1Password browser extension is concerned if it gets the timing right. In these cases, the malicious app can collect Login details sent from the 1Password browser extension to the fake 1Password mini. The researchers have demonstrated that it is possible to install a malicious app that might be able to put itself in a position to capture passwords sent from the browser to 1Password.
Note that their attack does not gain full access to your 1Password data but only to those passwords being sent from the browser to 1Password mini. In this sense, it is getting the same sort of information that a malicious browser extension might get if you weren’t using 1Password.
It’s a technical read, but Jeff does a great job making it as accessible as possible.