Cybersecurity Data & Analytics Digital Workspace Cloud Infrastructure Application Development Artificial Intelligence
Services Overview
Workshops Assessments Masterminds Technical Solutions Manager Cybersecurity Advisory Program Implementation Project Management Staffing
Insights Security Videos News Events
Why Alchemy Partners Team Awards Careers Contact Us
Blog | Security October 25, 2024

Critical Update for Okta Verify iOS Vulnerability (CVE-2024-10327)

Critical Update for Okta Verify iOS Vulnerability (CVE-2024-10327)

Introduction:

A critical vulnerability, CVE-2024-10327, has been discovered in Okta Verify for iOS (versions 9.25.1 and 9.27.0). This flaw allows successful authentication regardless of the user’s push notification response, compromising the security of push-based MFA and potentially enabling unauthorized access. If not addressed quickly, this vulnerability could expose your organization to significant security risks.

Who is Affected?

This issue affects users who enrolled under Okta Classic Engine, even if they’ve since upgraded to Okta Identity Engine. Tenants created directly on OIE are not impacted.

Technical Details:

The vulnerability is rooted in iOS’s ContextExtension feature, affecting the following scenarios:

  • Locked screen: Users can respond to push notifications without unlocking the device, bypassing standard authentication.
  • Home screen: Users can swipe down the notification banner to approve or deny authentication without full security checks.
  • Apple Watch: Users can directly respond to a push notification without the usual MFA safeguards.

The issue arises when users long-press on push notifications and select either the “Yes” or “No” options, which both erroneously allow the authentication to succeed. Based on the CVSS 3.1 system, the vulnerability has been assigned a high severity score of 8.1, reflecting its potential impact on confidentiality and integrity.

How to Address the Vulnerability:

To protect against this flaw, immediately update to Okta Verify version 9.27.2 or higher. IT administrators should enforce updates using MDM/MAM solutions and ensure end-users update the app from the Apple App Store. Users can download the latest version here.

Conclusion:

Resolving this vulnerability is essential to maintaining your organization’s security. Promptly updating your devices will prevent potential exploitation. For more information, refer to the official Okta Security Advisory and the National Vulnerability Database.

Take Action: Okta Health Check

Is your Okta environment fully optimized for security? Alchemy’s Okta Health Check comprehensively reviews your setup, ensuring it aligns with industry best practices. Our consultants will assess your configuration, identify risks, and offer tailored recommendations to secure your data and strengthen business operations. Don’t leave your identity infrastructure vulnerable—schedule your Okta Health Check today and maintain a resilient security posture.

Book your Health Check now.

Author

johnny-brister avatar Johnny Brister
Share

More Articles

Insights
Nov 21, 2025

How Azure Virtual Desktop Is Shaping the Future of Hybrid Workloads

doug-lind avatar Doug Lind
Insights
Nov 6, 2025

From Login to Loyalty: Turning Authentication into a Brand Experience

pascal-pierre-louis avatar Pascal Pierre Louis
Insights
Oct 24, 2025

Modern Endpoint Management with Intune and Nerdio: What IT Leaders Need to Know