Login
    Contents x
    Version 4.28.4 (December 2021)
    • 23 Oct 2024
    • 1 Minute to read
    • Dark
      Light
    • PDF
    Contents

    Version 4.28.4 (December 2021)

    • Updated on 23 Oct 2024
    • 1 Minute to read
    • Dark
      Light
    • PDF
    Article summary

    Fixes and other updates

    Highjacking vulnerability fix

    [MAS-1990]: The launch mode for Mobile Authenticator Studio applications is set to singleTask. It was discovered that this creates a highjacking vulnerability but there is a simple fix. To secure this vulnerability, the taskAffinity attribute should be set to empty for each activity tag in the Manifest.xml file. For example:

    <activity android:taskAffinity=""/>

    iOS

    [MAS-1981]: For a short time, it was not possible to publish an application that used Mobile Authenticator Studio for iPad because it was missing full-screen support for the iPad mini display.

    This issue has been fixed.

    [MAS-1792]: The application would unexpectedly terminate in some situations when facial recognition failed and the correct passcode was entered.

    This issue has been fixed.

    Android

    [CS0078401] [MAS-1953]: This issue occurred when the configuration option openAtStartup is enabled during the App2App flow. The application would remain in the camera scanning mode instead of launching another application.

    This issue has been fixed.

    [MAS-1791]: This issue occurred when the configuration options openAtStartup and closeInBackground were disabled. The intended login workflow was not started when the application was opened from the notification center.

    This issue has been fixed.

    [MAS-1790]: This issue occurred when the configuration options openAtStartup and closeInBackground were enabled. The intended login workflow was not initiated when tapping the notification on the lock screen.

    This issue has been fixed.

    Customization Tool

    [CS0076588] [MAS-1874]: The Customization Tool has been enhanced to be able to generate and sign iOS applications on previous MacOSx versions. The minimum supported versions for MacOSx and Xcode have been specified in the product documentation.

    Java integration sample

    [MAS-1973]: The Java integration sample uses Log4J as an external dependency. This library contains critical vulnerabilities referred to as:

    • CVE-2021-44228  

    • CVE-2021-45046

    • CVE-2021-45105

    The Java integration sample has been updated to use Log4j version 2.17, which fixes these vulnerabilities.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, our interactive help assistant