Logitech Certificate Expiration Breaks App
Tim Hardwick (Slashdot, Hacker News):
Logitech users on macOS found themselves locked out of their mouse customizations yesterday after the company let a security certificate expire, breaking both its Logi Options+ and G HUB configuration apps.
Logitech devices like its MX Master series mice and MX Keys keyboards stopped working properly as a result of the oversight, with users unable to access their custom scrolling setup, button mappings, and gestures. It wasn’t long before the Logitech subreddit was awash with frustrated reports as people discovered their configured peripherals had suddenly reverted to default settings.
This article is technically inaccurate, sigh.
All Developer ID code signing certificates expire eventually, and macOS does NOT prevent software with an expired certificate from running, otherwise all of your older apps would be dead now.
Logitech was doing some ADDITIONAL validation of their own design, and that’s where the problem occurred.
Because the certificate also affected the in‑app updater, you will need to manually download and install the updated version of the app. Please do not uninstall the app and follow the steps below.
[…]
The certificate that expired is used to secure inter-process communications and the expiration resulted in the software not being able to start successfully.
Previously:
- Inside Code Signing: Certificates
- Mac Security Bugs Expose Location and Safari History
- CoreFollowUp Phishing
- HP Printer Driver Certificate Revoked
- Security Flaws in Adobe Acrobat Reader
- Privileged Operations on macOS
- Beware Apple Security Certificates After October 24
- PrivilegedHelperTools and Checking XPC Peers
Update (2026-01-08): Jeff Johnson (Mastodon):
The news reporting on this incident included misinformation about how macOS Developer ID code signing works.
[…]
These stories place the blame on macOS for refusing to run apps with expired Developer ID code signing certificates, but this is false! Apple documents the behavior on its certificates support page:
If your certificate expires, users can still download, install, and run versions of your Mac applications that were signed with this certificate. However, you’ll need a new certificate to sign updates and new applications.[…]
In other words, there’s nothing to worry about until the year 2035 at the earliest, though admittedly it’s a bit troubling that these apps have a ticking time bomb, so to speak. On the other hand, Developer ID provisioning profiles are optional, used only for a few features such as iCloud support, so many or even most Developer ID signed Mac apps have no provisioning profile, and thus no expiration.
A Logitech spokesperson replying to angry Redditors said the company was sorry for the issue and resulting disruption.
They wrote: “We dropped the ball here. This is an inexcusable mistake. We’re extremely sorry for the inconvenience caused.”
12 Comments RSS · Twitter · Mastodon
I do agree with Jeff that the reporting/statements from Logitech are technically inaccurate, and further that they are indications of a terrible design here.
Someone please correct me if I'm wrong, but there has to be a better way to store basic mouse and keyboard settings than a constantly running app that constantly requires multiple layers of third party blessings to even run.
> Please do not uninstall the app
You're at least 10 years too late for that, Logitech. I use your keyboards and mice but I learned long ago to avoid your software like the plague.
"there has to be a better way to store basic mouse and keyboard settings than a constantly running app that constantly requires multiple layers of third party blessings to even run"
Some manufacturers store settings directly to the hardware device, which is a much better design. However, this doesn't support some of the more advanced features offered by software.
While I severely dislike G HUB, I don't find Options+ too objectionable. It's not worse than what most other companies foist upon their users. Having said that, I just use SteerMouse.
@Kristoffer as a long time Windows user this was one of my biggest surprises going to the Mac. It seems Apple has just institutionally always hated the mouse. Their trackpads are incredible and that’s what I use after trying mice like on Windows. But the mouse is an afterthought at best it seems. Apple seems to think it’s for precise occasional pointing and that’s it. It’s more like a secondary device than a primary input method.
So if I understand correctly, what broke was not the DeveloperID certification (the app was still "launching"), but another certificate they use to authenticate the client-daemon-hardware custom IPC channels. Because of course, why would they use Mac-standard technologies such as XPC, when they can have their own shitty IPC protocol that their incompetent developers can mismanage.
"More news outlets have repeated the myth. Is there no fact checking in the media?"
Very often there isn't! And sometimes they even knowingly repeat lies and falsehoods. This is why, even when there is fact checking, mainstream media outlets should not be considered to have any credibility. This might also have something to do with the plummeting trust that people have in mainstream media outlets.
And yes, the state of mouse driver software in macOS is sad indeed.
To say nothing of the abomination that is Logitech's software, in order to use my Logitech mouse properly, I need to install a third party "driver". I use SteerMouse, but I've found the same issue with every other third party tool I've tried. I put "driver" in quotation marks because it's not really a driver any more. It's a user land application.
Back with macOS 10.14, it *was* a driver and it worked properly, at least once macOS was booted up. But nowadays, my mouse doesn't start working on boot up / log in until the third party app launches. And it doesn't work on the login screen. Nor when switching users. And often times other tools that try to affect mouse behavior or use event taps interfere with it and each other. And sometimes it just stops working altogether.
None of these issues were problems in earlier releases of macOS when it was reasonable to make kernel extensions that just allowed your mouse to work 100% of the time like any other physical mouse.
"mainstream media outlets should not be considered to have any credibility"
There is no such thing as "the mainstream media". There are different media outlets that employ different people and have different incentives and guidelines, and some of these people act in bad faith, but most don't.
I still have no idea what the fuck Logitech exactly did to screw this up, so assigning bad faith to media who didn't report this correctly is not the most plausible explanation.
"plummeting trust that people have in mainstream media outlets"
This is both a self-fulfilling prophecy and an intentional attack on free societies.
It's a self-fulfilling prophecy because attacking the media harms their ability to make money, which forces them to cut expenses, which reduces editing and fact-checking.
And it's an attack on free societies because without trustworthy information, democracies stop working, as we can all see happening right now.
So my suggestion is to stop helping the people who want you to live in an autocracy.
@Plume The "mainstream media" are the various large media corporations that create and control most of the media and news that's available to the public. Which companies that includes can be up for debate, but there are some that are not debatable. In terms of news the latter category includes CNN, Fox, MSNBC, ABC, and everything else owned, directly or indirectly, by Disney, Fox, Comcast, and other megalithic corporations.
Admittedly it's gradually becoming more of a misnomer as the internet and new companies, groups, and independent actors spring up and reduce their influence. But their influence is still massive.
It's both interesting and concerning to me that you see my comment as favoring autocrats and attacking free societies, because I intended it as exactly the opposite. And I really don't see how it can be anything else. It's been well documented by lots of authors, researchers, and journalists, largely acting independently of the above companies, as to how those companies shape and manipulate the media they put out, especially the news, in order to further corporate and elite agendas, *in opposition* to what we would agree is a free society. I agree that accurate information and news is a necessary thing for a society to be free, and from everything I've learned over the course of my entire life, these companies, regardless of what they claim or how they present themselves, are presently working against that.
It is for that reason that I say that the mainstream media, as explicitly defined above, has no credibility. They're not always wrong, but you simply cannot trust them to be right. For these same reasons I broadly support independent media and journalism.
However, this is drifting off topic, and I'll grant that this incident of misreporting on the whole debacle with Logitech is almost certainly not an example of news companies acting as an intentional propaganda arm for the corporate elite.
However, it is a good example of the sorts of poor quality reporting that is common in the news today, where one outlet will report on what another is saying without properly doing their own research. That sort of thing allows the dissemination of both the kind of manipulative news that I'm denouncing above as well as more trivial screw ups like this whole thing with Logitech. Being that I want to support independent news outlets, I expect their reporting to be more accurate, especially tech reporting from people that ought to have the technical knowledge to avoid mistakes like this, so it's disappointing to see MacRumors and Cult of Mac getting it wrong. It's up to them though to establish their own credibility.
This kind of undifferentiated criticism is not helpful; it is harmful.
If the media misreports something, point it out. But denouncing "the mainstream media" as "not be considered to have any credibility" is precisely what autocrats want. They do not want people to think the media has any credibility, because that allows them to do whatever they want without repercussions.
Getting people to think that they are fighting for freedom by attacking the media is the greatest trick the autocrats have ever pulled.
I don't want to get waaaay off topic here but I can't help but notice the overlap between the criticism of end game capitalism control and capitalist newspaper consolidation...Maybe in both cases there's a core problem that's not the good idea itself of capitalism and free press...
Aaaaanyway, Logitech really needs to get their shit together and so does Apple if they are going to take away all kernel access and make everything a kext. They like the idea on iOS of locking absolutely everything down and providing an API, but that doesn't seem to work on the Mac.
