CVE-2024-10327: Okta Verify for iOS Vulnerability Could Allow Unauthorized Access
A newly disclosed vulnerability in Okta Verify for iOS could allow unauthorized access to user accounts, even if the user actively denies the authentication request. The flaw, tracked as CVE-2024-10327 and assigned a CVSS score of 8.1 (High), impacts specific versions of the app and hinges on a quirk within the iOS ContextExtension feature.
Okta Verify is a popular multi-factor authentication (MFA) app used by millions to secure their online accounts. This vulnerability undermines that protection in certain scenarios. “When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed,” Okta explains in its security advisory. In other words, whether the user selects “Approve” or “Deny” on the push notification, the authentication succeeds, potentially granting an attacker access.
The vulnerability affects Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including its beta); 9.27.0 was officially released on the Apple App Store on October 21, 2024. It’s important to note that this vulnerability only affects users who enrolled in Okta Verify while their organization was using Okta Classic, regardless of whether they have since migrated to Okta Identity Engine.
The vulnerability can be exploited in several scenarios, including:
- Locked Screen Responses: When a user responds to a push notification directly from their lock screen without first unlocking the device.
- Home Screen Interactions: When a user interacts with a push notification on their home screen by dragging it down and selecting a response.
- Apple Watch Replies: When a user replies to a push notification directly from their Apple Watch.
Okta recommends that customers review their system logs to identify potentially affected users and cross-reference associated data, such as IP addresses and geolocation, against known user activity to detect any anomalies.
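The log review Okta recommends, as an added example that is not Okta's own tooling or part of the advisory: it builds each user's baseline of (IP, country) pairs from System Log events before the 9.27.0 release date, then flags successful MFA events from an affected app version that arrive from an origin the user had never used. The sample events are constructed; `eventType` and the `client`/`actor`/`outcome` fields follow the System Log schema, while the `oktaVerifyVersion` key under `debugContext.debugData` is a hypothetical placeholder for wherever your environment records the app version.

```python
import json
from collections import defaultdict

# Okta Verify for iOS versions the advisory names as affected (9.27.2 is the fix).
AFFECTED_VERSIONS = {"9.25.1", "9.27.0"}
WINDOW_START = "2024-10-21T00:00:00Z"  # 9.27.0 App Store release date (from the advisory)

# Constructed sample events shaped like Okta System Log entries. eventType and client
# fields follow the real schema; the "oktaVerifyVersion" debugData key is hypothetical.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"published": "2024-10-18T09:00:00Z", "eventType": "user.session.start",
     "actor": {"alternateId": "alice@example.com"}, "outcome": {"result": "SUCCESS"},
     "client": {"ipAddress": "203.0.113.10", "geographicalContext": {"country": "US"}}},
    {"published": "2024-10-22T10:00:00Z", "eventType": "user.authentication.auth_via_mfa",
     "actor": {"alternateId": "alice@example.com"}, "outcome": {"result": "SUCCESS"},
     "client": {"ipAddress": "203.0.113.10", "geographicalContext": {"country": "US"}},
     "debugContext": {"debugData": {"oktaVerifyVersion": "9.27.0"}}},
    {"published": "2024-10-23T03:15:00Z", "eventType": "user.authentication.auth_via_mfa",
     "actor": {"alternateId": "alice@example.com"}, "outcome": {"result": "SUCCESS"},
     "client": {"ipAddress": "198.51.100.7", "geographicalContext": {"country": "NL"}},
     "debugContext": {"debugData": {"oktaVerifyVersion": "9.27.0"}}},
])

def origin(event):
    """(ip, country) of the client that produced the event."""
    c = event["client"]
    return c["ipAddress"], c["geographicalContext"]["country"]

def known_origins(events, before):
    """Per-user set of (ip, country) pairs seen in events published before `before`."""
    seen = defaultdict(set)
    for e in events:
        if e["published"] < before:  # ISO-8601 UTC timestamps compare correctly as strings
            seen[e["actor"]["alternateId"]].add(origin(e))
    return seen

def flag_suspicious_pushes(log_text, window_start=WINDOW_START):
    """Successful MFA events from an affected app version at an (ip, country) the user
    had never used before the window. Each hit is (published, user, ip, country)."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    baseline = known_origins(events, window_start)
    hits = []
    for e in events:
        version = e.get("debugContext", {}).get("debugData", {}).get("oktaVerifyVersion")
        if (e["published"] >= window_start
                and e["eventType"] == "user.authentication.auth_via_mfa"
                and e["outcome"]["result"] == "SUCCESS"
                and version in AFFECTED_VERSIONS
                and origin(e) not in baseline[e["actor"]["alternateId"]]):
            hits.append((e["published"], e["actor"]["alternateId"], *origin(e)))
    return hits
```

Hits are candidates for manual review against the user's known activity, not confirmed compromises; a legitimate first login from a new location will also appear.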
For users on version 9.25.1 (beta):
For users on version 9.27.0:
The good news is that Okta has addressed the CVE-2024-10327 vulnerability in version 9.27.2 of Okta Verify for iOS. Users are strongly urged to update their app to this version or later as soon as possible to mitigate this risk.