Post not yet marked as solved
FB12755685
Sent a feedback through feedback assistant and wanted to elaborate more over here.
Our application configures and connects to wireless networks using CoreWLAN. We started seeing crashes while connecting with the latest Beta versions of Sonoma. The crashes showed EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0) which led me to believe it might be a CPU architecture issue due to the mention of i386 but that was completely wrong.
Turns out the error is due to:
*** CFRetain() called with NULL ***
CFRetain.cold.1
[CWInterface associateToEnterpriseNetwork:identity:username:password:error:] + 127
Sample code to consistently reproduce the crash on Sonoma
CWInterface* interface = [CWInterface interfaceWithName:@“en0”];
NSError *scanError = nil;
NSSet* testNetworks = [interface scanForNetworksWithName:@“SSIDName” error:&testScanError];
CWNetwork* network = [testNetworks anyObject];
NSError* connectionError = nil;
BOOL connected = [interface associateToEnterpriseNetwork:network identity:identityRef username:nil password:nil error:&connectionError]; //<--crash here
The associateToEnterpriseNetwork function expects a CWNetwork object. In the Beta versions of macOS Sonoma, the CWNetwork object has (null) values in the ssid field. This causes a cold CFRetain runtime error when trying to associate to the network.
If we can detect a broadcasting "SSIDName" SSID and try to associate to it, we will always crash on the last line.
The reason for the crash seems to be due to a difference in how the CWNetwork objects are handled in Sonoma.
Sonoma:
<CWNetwork: 0x6000036cb590> [ssid=(null), bssid=(null), security=WPA2 Enterprise, rssi=-53, channel=<CWChannel: 0x6000036fce90> [channelNumber=1(2GHz), channelWidth={20MHz}], ibss=0]
Ventura:
<CWNetwork: 0x6000010ffa60> [ssid=Chris640, bssid=(null), security=WPA2 Enterprise, rssi=-45, channel=<CWChannel: 0x6000010ffca0> [channelNumber=1(2GHz), channelWidth={20MHz}], ibss=0]
Is my assumption that the crash is due to the (null) in the SSID field correct?
Post not yet marked as solved
Our application used the profile -I command to install a wireless configuration profiles for the user. Starting with macOS Big Sur, terminal commands can no longer be used to install configuration profiles. Along with this, there are no APIs available to do the same. I get that Apple wants the user to be in control of any Configuration Profile installations, but the system notification that doesn't actually take you to the 'Profiles' section on click along not being very descriptive seems like something that may cause confusion among users.
To make the installation process easier, we are triggering a file open of the .mobileconfig followed by opening System Preferences using terminal commands (open <path/to/mobileconfig and open "x-apple.systempreferences:com.apple.preference") and then waiting for the user to navigate to profiles and approve the profile to be installed. Opening the Profiles section was possible on older versions, is there a way to do the same on Big Sur? Is there anything else we could do to make the profile installation process a little more intuitive for the user?
Post not yet marked as solved
We use a web page to distribute Configuration Profiles. To make the profile installation experience a little easier, we provide a button to open up the Settings application using
function redirect() {
try {
window.location.href='App-prefs://prefs:root=Settings';
} catch (error) {
alert(error);
}
}
This has worked well till iOS 15.4, in which we get an 'Invalid URL' error.
I understand that Apple does not permit using these URLs in an App Store applications but there is nothing against it for simple web URLs. Is this a bug or an intended change in having these URLs not work?
Post not yet marked as solved
In our macOS Application I am trying to generate a keypair in the system keychain using SecKeyCreatePair for legacy reasons, but keep receive an error -61 (Write permission error). What is the best approach to making this work or is this simply not possible (anymore)? The End User running this Application is typically an Admin and we would normally use the SFAuthorization to grab sudo for this type of issue. This is not possible using Apple Security Framework functions as far as I can see, not even the latest function SecKeyCreateRandomKey.
Post not yet marked as solved
Before Big Sur our application handled removing configured SSIDs by editing the com.apple.airport.preferences.plist file. Big Sur made this not possible any more so we moved to using terminal commands to accomplish this using the networksetup -removepreferredwirelessnetwork. This functioned without issues on intel machines but requires admin access on the new M1 machines. Is there a reason for this difference?
We also tried providing sudo access using the AuthorizationExecuteWithPrivileges function on the .sh file with the command. Strangely this also does not work and still pops up a "Command requires admin privileges" error. We are aware that AuthorizationExecuteWithPrivileges is a deprecated function, but we have decided to go with it since it's a one off and saves us the hassle of programming with the Authorisation Services on top of the fact that ours is a runtime application. Is this functionality broken on the m1 processor and is there a "correct" way to handle removing SSIDs that does not involve plist files or terminal commands?
Post not yet marked as solved
It has been a few months since the release of Big Sur now and it's strange that the Safari UserAgent still reports itself as 10.15.6 instead of 11.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15
I see that multiple people view this as an issue but we still do not have a response from Apple on when and how this is going to be handled going forward. The webkit bug report tracking this has been marked as resolved without a real solution https://bugs.webkit.org/show_bug.cgi?id=216593
Our web page relies on the browser reporting the correct UserAgent to show relevant instructions to our users and we'd like a way not to show them the wrong information.
Post not yet marked as solved
As far as I know, there is nothing wrong with the code and the crashes don't even occur during the execution of the code and happen at random points during the execution.
The app functions perfectly well on an intel machine but only crashes on a system with the new M1 processor.
The common error message during the multiple crashes has been a message like this
2021-02-09 11:57:02.628554+0530 0x8691 Default 0x0 0 0 kernel: (AppleMobileFileIntegrity) AMFI: Denying core dump for pid 1407 ([AppName])
To build the universal application all we did was upgrade to the beta version of Xcode12 and mention Standard Architectures - $(ARCHS_STANDARD) in 'Build Settings' which mentions that the app will be built for x86_64 and ARM64 architectures. This does build a universal app, so it looks like the build process runs smoothly, but the app constantly crashes at different spots while running it.
Post not yet marked as solved
With iOS 14, there is a toggle to enable and disable MAC Address Randomization for SSIDs using the "Use Private Address" toggle.
It seems like the feature is not available on macOS Big Sur. The WiFi documentation https://developer.apple.com/documentation/devicemanagement/wifi has DisableAssociationMACRandomization which only seems to work on iOS devices as of now. Is there any way to toggle this feature currently on macOS or is the feature going to be made available on Big Sur?
Post not yet marked as solved
Our application tries to read the title of the browser, which is then used by the application to carry on further operations. For this purpose application invokes an AppleScript "tell application <browser> to return name of front document".Mojave added a requirement to include a new NSAppleEventsUsageDescription key in the info.plist file when the application tries to invoke an AppleScript.But on Catalina, even with the key set in the application's info.plist file, the application is still unable to invoke the AppleScript with the error "-1743 Not authorized to send Apple events to <applicationName>".Looking at the release notes for the latest Catalina build"To enhance security, AppleEvents and AppleScripts that target an app on a remote system must authenticate as the same user on the remote system. An AppleEvent that targets an app running as a different user receives a procNotFound error. To allow remote AppleEvents to target apps in any user session, run the following command in Terminal on the server:defaults write /Library/Preferences/com.apple.AEServer RestrictAccessToUserSession -bool false Then disable and reenable Remote Apple Events in System Preferences > Sharing. (5353592)"This seems to be the only change documented for AppleScripts. Our application is not trying to run on the remote systems but runs locally. Does the above change apply to all scripts whether they running locally or remotely? Can anyone suggest what can we do to get the AppleScript working?
Post not yet marked as solved
We were trying to implement ECC keys using our mobileconfigs. As per the Configuration Profile reference, the SCEP payload only accepts RSA as the keyType as well as 1024 or 2048 as the keySize.
Since the reference says "Currently always ”RSA”", can we expect support for other encryption algorithms soon or is there some other way to add ECC keys currently?
Post not yet marked as solved
I was wondering if there was another way for the browser to detect if the device is an iPhone or an iPad. When the user switches to desktop mode, the user agent string reports the device as a macOS Catalina. I have found a way to detect if the device is a mobile device but I can't find out if it is an iPhone or an iPad, and since we show different web components based on the device, this information becomes important.I tried looking at javascript 'screen.width' property which gives the UIKit Size of the screen. This would have been a hack to identify the devices until the previous generation of devices, but the resolution of the iPhone 11 Pro exceeds that of one of the older iPads. Are there any other suggestions on detecting the devices that can be done with the browser on desktop view?
Post not yet marked as solved
We use our app to generate a certificate signing request and recently migrated from using the openSSL library functions to Apple's native crypto functions. We based our code off https://github.com/ateska/ios-csr/blob/master/SCCSR.m. This works perfectly fine on macOS 10.15 - the version on which the app was developed. Strangely it works on macOS 10.8 as well. On all the versions from 10.9 to 10.14 if we do an openSSL verify (openssl req -in req.csr -noout -text -verify), we geterror:04091068:rsa routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:278
error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:218This means our certificate request is rejected on those all the above mentioned versions.We suspected it might be the SecKeyRawSign function but after looking at the key and the digest, we realised that the signature was correct and the problem was with the hash itself on these OS versions. We were trying to figure out if this was a known issue with these versions or are we doing something wrong.
Post not yet marked as solved
We distribute our app externally to the users and not through the App Store. Our app is built and uploaded on our servers. We generate the app's configuration (different for each customer) on our servers and then package the configuration with the app. App is then signed and distributed to the end-users.One of the configuration items is the app icon, which is placed in the apps /Contents/Resources directory.With notarization being an asynchronous process, we need to provide a signed app for which the resources can't be altered as it would break the signing. Looking for solutions to change the app icon dynamically without breaking the app signature.Solutions tried:1. Modify the Icon file field in the app's info.plist with the URL of the icns file - Doesn't work and the icon doesn't change. Also breaks the signing as info.plist is inside the app.2. Change the icon in the resources folder - Breaks signing as we have changed the contents inside the app.Any suggestions on how this can be achieved?
pyro_90.