Published on

The recently released 19.2.0 version of InstallBuilder includes an important fix for installers relying on payload encryption. This is an optional feature that enables the password-protection of installers, prompting the end-user for a password at launch time, before allowing the installation to continue. Devcore - a security consulting company - discovered that by using system debugging tools, it was possible to have access to this password, in turn making it possible to bypass this check. Most InstallBuilder customers don’t use this functionality, and it is disabled by default as most application developers implement password control in their own apps. However, if you do use this functionality, it is important that you please update to this latest version that fixes the issue.