Heads up: Security update for Duo for macOS

Hey everyone, on Thursday, August 25, 2022, we released version 2.0.0 of Duo for macOS, which includes a security update as well as a new offline access capability.

Duo already notified macOS customers via email about the security issue, with a recommendation to update to the latest version.

Read more about version 2.0.0:

  • Introduces offline access with Duo MFA.
  • Adds support for Mac systems featuring the Apple M1 chip.
  • The minimum supported macOS version is now 10.15 Catalina.
  • Resolved an issue where smart card 2FA bypass did not enforce that the smart card’s assigned user matched the authenticating user (CVE-2022-20662).
  • Resolved an issue where a time sync error upon contacting Duo’s service did not respect the local fail mode configuration and always failed open.
  • Improved client logging with log-level filtering.
  • Miscellaneous user interface enhancements and fixes.
4 Likes