Client Crashing after Catalina 10.15.3 update

Got a problem with Viscosity or need help? Ask here!

justinm

Posts: 1
Joined: Fri Jan 31, 2020 3:16 am

Post by justinm » Fri Jan 31, 2020 3:21 am
I just updated to Catalina 10.15.3 last night. Ever since then when I try to connect to an openVPN server the client just crashes. I'm using Viscosity 1.8.4 tried reinstalling it as well. The only detail I can get is from the console crash report.
The highlight from it is:
Error Code: 0x00000015 (invalid protections for user instruction write)

I also found these lines which might point to a better cause.
Exception Type: EXC_BAD_ACCESS (Code Signature Invalid)
Exception Codes: 0x0000000000000032, 0x00007fff360babb4
Exception Note: EXC_CORPSE_NOTIFY

I do have other Mac users that upgraded as well and they don't have the issue connecting to the same VPNs.
Any advise?

James

User avatar
Posts: 1973
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Jan 31, 2020 10:23 am
Hi justinm,

If the crash report is from Viscosity itself, then it looks like something on your computer has modified Viscosity, breaking its code signature.

We have seen an enterprise management tool cause problems in the past called "Digital Guardian", which was trying to inject itself into the OpenVPN process. If this is a machine managed by an enterprise IT department I recommend getting in touch with your IT department and seeing if any such software is in use, and if so, whether it needs to be updated.

If no such software is installed on your computer, then it could be another program mistakenly modifying Viscosity (try temporarily uninstalling any such software you think could be responsible).

If the crash report is from the OpenVPN process, and you're using a physical token or smartcard for authentication, then it likely means the PKCS#11 driver you're using does not support the macOS 10.15.3 code signing requirements. Try checking with your IT staff or the device manufacturer to see if an updated driver is available.

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

idogold

Posts: 1
Joined: Sun Feb 02, 2020 8:13 pm

Post by idogold » Sun Feb 02, 2020 8:15 pm
I'm having the same issue,
I have contact my IT department, and there is no active block or interference with the VPN client
not to mention that it worked on Catalina , just this upgrade to 10.15.3 it now crashes.

how can we resolve it?

James

User avatar
Posts: 1973
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Feb 03, 2020 8:32 am
Hi idogold,

As stated above, something is modifying Viscosity or OpenVPN, thereby breaking the code-signature. This means macOS sees the signature as no-longer valid and blocks execution.

This isn't a problem with Viscosity, nor is it something we can address. Either an overzealous piece of security software is attempting to inject itself into the Viscosity or OpenVPN process and crashing it. Or there is malware on your machine.

Assuming it is problematic security software, then it likely either doesn't support macOS 10.15.3 properly, or it isn't notarized (Apple have stricter requirements in place that were due to start February 1st):
https://developer.apple.com/news/?id=09032019a

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

James

User avatar
Posts: 1973
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Feb 04, 2020 5:40 am
Hi Folks,

Just a quick follow-up, this crash appears to be caused by "SentinelOne", which is enterprise management software. It has been causing all applications to crash that have a hardened runtime enabled (including Viscosity and other applications like 1Password). As reported by them:

The issue appears to be a conflict with SentinelOne security software and Mac apps with hardened runtimes such as 1Password. Please update SentinelOne. If this is at a workplace, please advise your IT department that it should be updated. If they can not update it at this time, request that they whitelist 1Password in the software.

You should contact your IT support staff for assistance.

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
5 posts Page 1 of 1