SparkLabs Blog.

The latest news and releases.


Viscosity For Mac & Windows: Version 1.11.1

Viscosity version 1.11.1 is now available for both macOS and Windows! This update is a small maintenance release, with an updated version of OpenVPN, several bug fixes, and minor enhancements, to keep Viscosity running smoothly.

To help support the transition to OpenVPN 2.6, which was introduced in Viscosity 1.11, the "ncp-disable" command will now be automatically removed from VPN connections. OpenVPN 2.6 removed support for this command, and it was a common sticking point for many users importing configuration files designed for old versions of OpenVPN.

Viscosity now also has support for a new "static-challenge-acknowledge" command. This command enables prompting the user for a required action during the authentication phase, for example prompting to approve or acknowledge a two-factor authentication request on their phone or other device.

On macOS this update also improves support for locally installed authenticator software that is designed to communicate with a web authentication session. For example, links and buttons should now correctly activate Okta Verify when required.

On the Windows side, this update addresses two issues that could arise during enterprise deployments: identities loaded from the Local Machine certificate store will now be correctly detected, and Single Adapter Mode will no longer create additional virtual network adapters under some circumstances. While not directly part of the update, the ADMX templates have also been updated to support Microsoft Intune deployment.

Finally, this update also addresses two low-severity security issues in third-party components: Sparkle (on macOS) which is used for automatic updates, and the Legacy OpenVPN TAP Adapter (on Windows) which is an optional VPN adapter driver.

The Sparkle update addresses a potential security vulnerability that could allow an attacker to bypass Sparkle's signing checks on update packages. This isn't considered to be exploitable due to other validation methods, however it nevertheless is an important additional security layer. The Legacy OpenVPN TAP Adapter update addresses an issue that could allow an attacker to trigger an integer overflow and crash the driver. The Legacy OpenVPN TAP Adapter is not used by default by Viscosity, and instead it is only used if the Adapter Type has been changed under Advanced Settings.


Version 1.11.1 Mac Release Notes:

improved
Obsolete ncp-disable command will now be automatically removed
improved
Web authentication now supports many local authenticators (such as Okta Verify)
improved
Support for prompting a user with a new static-challenge-acknowledge command
updated
OpenVPN updated to version 2.6.10
updated
Sparkle framework updated
fixed
Various bug fixes and enhancements


Version 1.11.1 Windows Release Notes:

improved
Obsolete ncp-disable command will now be automatically removed
improved
Support for prompting a user with a new static-challenge-acknowledge command
updated
OpenVPN updated to version 2.6.10
updated
Legacy OpenVPN TAP Adapter driver updated
fixed
Resolves issue using certificates from the Local Machine certificate store
fixed
Resolves issue where Single Adapter Mode may create additional virtual network adapters
fixed
Various bug fixes and enhancements

The 1.11.1 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.