Version 4.28.4 (December 2021)
  • 23 Oct 2024
  • 1 Minute à lire
  • Sombre
    Lumière
  • PDF

Version 4.28.4 (December 2021)

  • Sombre
    Lumière
  • PDF

The content is currently unavailable in French. You are viewing the default English version.
Résumé de l’article

Fixes and other updates

Highjacking vulnerability fix

[MAS-1990]: The launch mode for Mobile Authenticator Studio applications is set to singleTask. It was discovered that this creates a highjacking vulnerability but there is a simple fix. To secure this vulnerability, the taskAffinity attribute should be set to empty for each activity tag in the Manifest.xml file. For example:

<activity android:taskAffinity=""/>

iOS

[MAS-1981]: For a short time, it was not possible to publish an application that used Mobile Authenticator Studio for iPad because it was missing full-screen support for the iPad mini display.

This issue has been fixed.

[MAS-1792]: The application would unexpectedly terminate in some situations when facial recognition failed and the correct passcode was entered.

This issue has been fixed.

Android

[CS0078401] [MAS-1953]: This issue occurred when the configuration option openAtStartup is enabled during the App2App flow. The application would remain in the camera scanning mode instead of launching another application.

This issue has been fixed.

[MAS-1791]: This issue occurred when the configuration options openAtStartup and closeInBackground were disabled. The intended login workflow was not started when the application was opened from the notification center.

This issue has been fixed.

[MAS-1790]: This issue occurred when the configuration options openAtStartup and closeInBackground were enabled. The intended login workflow was not initiated when tapping the notification on the lock screen.

This issue has been fixed.

Customization Tool

[CS0076588] [MAS-1874]: The Customization Tool has been enhanced to be able to generate and sign iOS applications on previous MacOSx versions. The minimum supported versions for MacOSx and Xcode have been specified in the product documentation.

Java integration sample

[MAS-1973]: The Java integration sample uses Log4J as an external dependency. This library contains critical vulnerabilities referred to as:

  • CVE-2021-44228  

  • CVE-2021-45046

  • CVE-2021-45105

The Java integration sample has been updated to use Log4j version 2.17, which fixes these vulnerabilities.


Cet article vous a-t-il été utile ?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle