SECURITY ALERT: Security related update for Okta Verify for iOS

Okta has announced discovery and resolution of a vulnerability in Okta Verify for iOS versions 9.25.1 (beta), 9.27.0 (beta) and 9.27.0. If a user receives an Okta Verify push notification and responds by pressing and holding on a notification from the lock screen or notification center, or by responding to the notification on Apple Watch, then authentication will proceed regardless of user selection. (Note that a pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic.)

This security vulnerability impacts several of the Okta Verify versions for iOS, including:

• Okta Verify for iOS version 9.25.1 (beta), available in Apple TestFlight from September 30, 2024.
• Okta Verify for iOS version 9.27.0 (beta) available in Apple TestFlight from October 10, 2024. 
• Okta Verify for iOS version 9.27.0 released to the Apple App Store from Monday, October 21, 2024.

The vulnerability was identified and resolved on October 23, 2024.  The fix for the vulnerability was implemented in Okta Verify for iOS version 9.27.2.

We strongly recommend that all NWU faculty, staff and students who are using Okta Verify for iOS as part of their authentication process update their Okta Verify application immediately. The current version is available in the Apple App Store.

The Okta Security Advisory for this vulnerability and further updates can be found here.