SecurID^® Product Advisories

FAQ: RSA Authenticator 4.3.x on iOS issues
Date: 20th September 2023

What are the issues occurring in RSA Authenticator 4.3.X on iOS?

In certain circumstances, impacting only a few users, installing or upgrading to RSA Authenticator V4.3 for iOS may result in users being unable to use the application, with the following notice prompts:

This error message is misleading. This occurs on RSA Authenticator 4.3 and 4.3.1 when a user sets up a new device or resets an existing device to factory state, and subsequently (from either state) restores the device from backup. For security reasons, credentials are not part of the backup and restore process. Any newly installed application (i.e., not an update) will never include credentials; these must always be re-installed after such a new installation.

V4.3.2 partially corrected the above issue and the error message presents as follows:

When these users continue to import credentials in the app, they could run into one of the below errors:

What are the root causes of these issues?

• Root Cause 1: Race condition between Apple protected resource availability and RSA Authenticator App initialization.
• Root Cause 2: RSA has implemented extra security measures, relying on unique security information present on this device, which cannot be backed up. When an iOS back-up is restored, there is a mismatch between the information part of the backup, and the unique security information on the device. Note: this may occur with users getting a new device or resetting the current device to factory settings.
• Combination of the two above.

What has been done to correct these issues?

RSA Authenticator V4.3.3 for iOS includes the following:

• Better handling of the race condition mentioned above.
• Improved handling of restore from backup with the following error message when the user needs to import credentials again.

• Instructions when restarting the app will likely resolve the underlying race condition. Users should be advised of the following steps if you are working with them.
  
  • Restart the app. In certain edge cases, this could resolve the issue.
  • Provide the user with the option to ‘reset the app’, which will initiate a database reset in the application, resolving the issue. The user will then be able to import new credentials into the application, via the same process applied to new users, or to existing users switching to new devices.

What are RSA’s Recommendations for Next Steps?

• RSA is currently working with customers to field test V4.3.3. General Availability is expected by September 22, 2023, pending Apple approval
• RSA does not expect to restart gradual App auto updates before the week of September 25, 2023.
• User Steps:
  
  • Any users switching to a new iOS device will need to immediately manually update to RSA Authenticator App v4.3.3 once it is available in the Apple App Store.
  • For any other users who are still experiencing the issues mentioned above, we recommend they immediately manually update to RSA Authenticator App v4.3.3 once it is available in the Apple App Store.

What about RSA Authenticator on Android?

The Android version of the RSA Authenticator application is not impacted by these issues, which are specific to iOS. Having confirmed that the issues mentioned above do not impact the Android version of the Authenticator, RSA is now resuming the rollout of V4.3 for Android.