Overview

Okta published a security advisory on October 24, 2024 regarding a vulnerability present in the Okta Verify app. The vulnerability only affects Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta). This vulnerability could allow for successful authentication even if you tap “No, It’s Not Me” in the push notification, potentially leading to unauthorized access to your account.

Recommended Action

Technology Services recommends updating Okta Verify to version 9.27.2 as soon as possible.

Additional Information

Okta is the provider for the university’s single sign-on and multi-factor authentication solution, login.pugetsound.edu. Please see Okta’s published advisory for full details: https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327.