- 23 Oct 2024
- 1 Minute à lire
- SombreLumière
- PDF
Version 4.28.4 (December 2021)
- Mis à jour le 23 Oct 2024
- 1 Minute à lire
- SombreLumière
- PDF
Fixes and other updates
Highjacking vulnerability fix
[MAS-1990]: The launch mode for Mobile Authenticator Studio applications is set to singleTask. It was discovered that this creates a highjacking vulnerability but there is a simple fix. To secure this vulnerability, the taskAffinity attribute should be set to empty for each activity tag in the Manifest.xml file. For example:
<activity android:taskAffinity=""/>
iOS
[MAS-1981]: For a short time, it was not possible to publish an application that used Mobile Authenticator Studio for iPad because it was missing full-screen support for the iPad mini display.
This issue has been fixed.
[MAS-1792]: The application would unexpectedly terminate in some situations when facial recognition failed and the correct passcode was entered.
This issue has been fixed.
Android
[CS0078401] [MAS-1953]: This issue occurred when the configuration option openAtStartup is enabled during the App2App flow. The application would remain in the camera scanning mode instead of launching another application.
This issue has been fixed.
[MAS-1791]: This issue occurred when the configuration options openAtStartup and closeInBackground were disabled. The intended login workflow was not started when the application was opened from the notification center.
This issue has been fixed.
[MAS-1790]: This issue occurred when the configuration options openAtStartup and closeInBackground were enabled. The intended login workflow was not initiated when tapping the notification on the lock screen.
This issue has been fixed.
Customization Tool
[CS0076588] [MAS-1874]: The Customization Tool has been enhanced to be able to generate and sign iOS applications on previous MacOSx versions. The minimum supported versions for MacOSx and Xcode have been specified in the product documentation.
Java integration sample
[MAS-1973]: The Java integration sample uses Log4J as an external dependency. This library contains critical vulnerabilities referred to as:
CVE-2021-44228
CVE-2021-45046
CVE-2021-45105
The Java integration sample has been updated to use Log4j version 2.17, which fixes these vulnerabilities.