Sentry-Cocoa macOS Security Update and Sentry-Swift Security Notice

Armin Ronacher and Daniel Griesser

Post-mortem

We released sentry-cocoa 3.10.0, which resolves a security incident affecting macOS apps that run without the App Sandbox. We urge Mac users to update via CocoaPods, Carthage, or direct checkout. Without the update, crash events captured by one app may be sent to a different app's Sentry project, potentially one belonging to a different Sentry user.

Specifically, if a user has two unsandboxed Sentry-based apps on their Mac and App A crashes, the crash event from App A is picked up and sent to the project configured for App B the next time App B launches.

What happened

When we originally wrote sentry-swift and sentry-cocoa, the libraries were aimed at iOS. Because the operating system limits what can safely be done at the time of a crash, we decided to dump the crash info into one or more JSON files in an io.sentry sub-folder of NSCachesDirectory and send them on the next launch. When the application is sandboxed, that directory is private to the application. However, we had not considered the case where an app is not sandboxed (which, of the platforms we support, is only possible on macOS). Outside the sandbox, NSCachesDirectory resolves to the user's shared ~/Library/Caches, so the io.sentry folder is shared by every unsandboxed Sentry-based app on the machine, and whichever app launched next would find the pending crash files and send them under its own DSN.

How we fixed it

With this update to sentry-cocoa 3.10.0, crashes are stored in sub-folders of io.sentry named after the SHA1 hash of the client's DSN, so an app only ever picks up crash files written by an app configured with the same DSN (that is, the same project). Because files in the old shared location cannot be attributed to a DSN, we no longer consult it. This means that, after updating, crashes written by older releases will not be sent on the first relaunch; they are left in place rather than risk sending them to the wrong project.
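The following is an added model of the two layouts, written for this post and not taken from sentry-cocoa itself. It uses a temporary directory to stand in for the shared, unsandboxed ~/Library/Caches, two made-up DSNs, and a constructed crash payload, then replays the scenario above: App A crashes, App B launches first and flushes whatever is in its crash directory, and App A relaunches afterwards. The function and directory names are illustrative, not the SDK's.

```python
import hashlib
import os
import shutil
import tempfile


def legacy_crash_dir(caches_dir):
    # Pre-3.10.0 layout: every unsandboxed app writes and reads
    # <Caches>/io.sentry directly, so the directory is shared.
    return os.path.join(caches_dir, "io.sentry")


def dsn_scoped_crash_dir(caches_dir, dsn):
    # 3.10.0 layout: <Caches>/io.sentry/<sha1(dsn)>. The hash is only a
    # path-safe namespace key derived from the DSN, not an access control.
    digest = hashlib.sha1(dsn.encode("utf-8")).hexdigest()
    return os.path.join(caches_dir, "io.sentry", digest)


def write_crash(crash_dir, filename, payload):
    # Stands in for the crash handler dumping a JSON report at crash time.
    os.makedirs(crash_dir, exist_ok=True)
    with open(os.path.join(crash_dir, filename), "w", encoding="utf-8") as f:
        f.write(payload)


def flush_pending(crash_dir):
    # Stands in for the launch-time send: read every pending JSON file in
    # this app's crash directory and delete it. Sub-directories (the
    # per-DSN folders of the new layout) are skipped, not descended into.
    if not os.path.isdir(crash_dir):
        return []
    sent = []
    for name in sorted(os.listdir(crash_dir)):
        path = os.path.join(crash_dir, name)
        if name.endswith(".json") and os.path.isfile(path):
            with open(path, encoding="utf-8") as f:
                sent.append(f.read())
            os.remove(path)
    return sent


def simulate(scoped_layout):
    """Replay the incident; returns (events sent by App B, events sent by App A)."""
    caches = tempfile.mkdtemp()  # constructed stand-in for ~/Library/Caches
    try:
        # Constructed DSNs for two different projects; not real endpoints.
        dsn_a = "https://keyA@sentry.example.com/1"
        dsn_b = "https://keyB@sentry.example.com/2"

        if scoped_layout:
            crash_dir = lambda dsn: dsn_scoped_crash_dir(caches, dsn)
        else:
            crash_dir = lambda dsn: legacy_crash_dir(caches)

        # App A crashes and its handler dumps the report.
        write_crash(crash_dir(dsn_a), "crash-0001.json", '{"app": "A"}')
        # App B launches first and flushes whatever its directory holds.
        sent_by_b = flush_pending(crash_dir(dsn_b))
        # App A relaunches later and flushes its own directory.
        sent_by_a = flush_pending(crash_dir(dsn_a))
        return sent_by_b, sent_by_a
    finally:
        shutil.rmtree(caches, ignore_errors=True)


if __name__ == "__main__":
    print("legacy layout:", simulate(False))  # App B sends App A's crash
    print("scoped layout:", simulate(True))   # only App A sends it
```

Two caveats the model makes visible: the SHA1 folder name separates projects, but it is not a security boundary, since any process running as the same user can still read the whole io.sentry tree; and two apps configured with the same DSN still share a folder, which is harmless because the events land in the project they belong to anyway. Note also that `flush_pending` on the legacy directory ignores the new per-DSN sub-folders, mirroring the decision not to consult the old location.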

What you should do

  • If you are not using sentry-cocoa for macOS crash reporting, or your macOS app runs in the App Sandbox, you do not need to do anything.
  • If you are still using sentry-swift, migrate to sentry-cocoa; sentry-swift does not receive this fix.
  • If you are using a version of sentry-cocoa lower than 3.10.0, update to sentry-cocoa 3.10.0.

Please contact support@sentry.io with any questions or concerns.