SparkLabs Blog.

The latest news and releases.


Viscosity For Mac & Windows: Version 1.6.8

Version 1.6.8 of Viscosity has been released for both Mac and Windows! This release includes a number of improvements and bug fixes, an update to OpenVPN 2.3.14, and an important security fix for the Windows version (more information below).


Version 1.6.8 Mac Release Notes:

improved
PKCS#11 users will now be prompted to insert their token when needed
improved
The connection name is now displayed in challenge and password prompts
improved
Improved support for OpenVPN-AS connection scripts
improved
Unsafe command detection updated to allow commands using safe parameters
updated
OpenVPN updated to version 2.3.14
fixed
Resolves issue where an IPv6 Reachability Check may fail under macOS 10.12
fixed
Resolves potential crash when using the main menu while an alert is visible under macOS 10.12
fixed
Reset network interfaces on disconnect option now behaves correctly for multiple active connections
fixed
Various bug fixes and enhancements


Version 1.6.8 Windows Release Notes:

improved
PKCS#11 users will now be prompted to insert their token when needed
improved
Unsafe command detection updated to allow commands using safe parameters
updated
OpenVPN updated to version 2.3.14
fixed
Security: Fixes a potential privilege escalation attack against Viscosity's service
fixed
Various bug fixes and enhancements

This version includes more fine-grained detection of unsafe commands by now also taking the command's parameters into account. Where previously Viscosity may block a command as unsafe, the command could now be considered safe when certain parameter combinations are used. This should allow for less instances where the "Allow unsafe OpenVPN commands to be used" option needs to be enabled without compromising security.

This version also resolves a security issue that been identified in the Windows version of Viscosity that could potentially allow a local user to gain elevated privileges. Local machine access is required, it cannot be exploited remotely, and it does not affect the security of VPN connections. We encourage all Windows users update to version 1.6.8 as soon as possible, particularly those in multi-user or enterprise environments. Thanks to Kacper Szurek for the discovery and notification.

The 1.6.8 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.