For context, here is a direct link to the post that is making the rounds:
The short summary of this report is that the investigators performed analysis on the running state of various password managers and reported on the fact that sensitive information was present in memory at various points during the application lifecycle.
The short and direct answer is that Codebook is, to varying degrees, susceptible to the same types of analysis described in this article. While Codebook will make attempts, whenever possible, to wipe sensitive information from memory, we have only limited control over where in the process memory sensitive information may end up. This could include various UI controls, managed code, managed memory, etc. On some platforms, like macOS and iOS, we have finer grained control than on others, like Windows or Android, but regardless, in order to display secret information to you, it must pass through the program’s memory.
Unfortunately, in an attempt to make these findings sound more impressive, the article fails to mention that the same is true for every software program in existence, without exception.
There is no way to protect against an attacker with access to your computer, the privileges necessary to run arbitrary software, and direct access to the memory of other running processes. Application data can be compromised no matter what under those circumstances.
As a result, users of Codebook (or any other Password Managers) must consider the use of the software in the scope of their overall computing platforms. It is important to ensure that workstations and devices are secured with strong credentials, and kept free of untrusted programs, especially in an administrative context. Layered security will go a long way to protecting your applications and data from this sort of risk.