iOS ContextExtension Vulnerability Affects Okta Verify Push Authentication
CVE-2024-10327

8.1HIGH

Key Information:

Vendor: Okta
Status: Okta Verify For iOS
Vendor: CVE Published:; 24 October 2024

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2024-10327?

The vulnerability CVE-2024-10327 affects Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0, allowing unauthorized authentication through the iOS ContextExtension feature. This poses a significant risk by enabling authentication to proceed without user consent, potentially leading to unauthorized access to sensitive systems. There have been no confirmed exploits in the wild, but the potential impact necessitates immediate attention and remediation. Organizations using affected versions should prioritize upgrading to mitigate the associated risks.

Affected Version(s)

Okta Verify for iOS 9.25.1

Okta Verify for iOS 9.27.0

News Articles

Rescana

CVE-2024-10327

Critical Vulnerability in Okta Verify for iOS: Understanding CVE-2024-10327 and Mitigation Strategies

Executive SummaryThe discovery of CVE-2024-10327 presents a critical challenge for organizations utilizing Okta Verify for iOS. This vulnerability, affecting versions 9.25.1 (beta) and 9.27.0, poses a significant risk by allowing unauthorized authentication through the iOS ContextExtension feature. ...

References

https://trust.okta.com/security-advisories/okta-verify-fo...

vendor-advisory

https://help.okta.com/en-us/content/topics/releasenotes/o...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Oct 26, 2024
📰
First article discovered by Rescana
Oct 26, 2024
Vulnerability published
Oct 24, 2024
Vulnerability Reserved
Oct 23, 2024