HomeKit Vulnerability Discovered In iOS 11.2

Posted December 09, 2017

Despite being considerably hard to reproduce, the vulnerability did allow some users to bypass security checks and take control of a wide range of HomeKit connected accessories such as wall plugs, smart lights and thermostats.

Apple said that it has issued a fix for HomeKit Security flaw, which had left devices vulnerable to unauthorized third-party access.

More news: The Pope has Called for Respect for the Status quo in Jerusalem

"The fix temporarily disables remote access to shared users, which will be restored in a software update early next week", it added.

The vulnerability, disclosed to 9to5Mac, required at least one iPad, iPhone or iPod Touch running the latest software version iOS 11.2 to have connected to the iCloud account associated with the HomeKit system.

More news: Flynn Said Russian Sanctions Would be 'Ripped Up,' Whistle-Blower Says

9to5Mac said the flaw had "serious ramifications" but accepted it was "difficult" to exploit. However, the vulnerability did not impact earlier versions of the operating system. While the publication hasn't shared any specific details, it said that the "issue was not with smart home products individually but instead with the HomeKit framework itself that connects products from various companies".

The fix appears to be server side update, meaning that the end-user doesn't have to update anything for it to take effect.

More news: Austrian court legalises same-sex marriage, declaring all other laws discriminatory

While software bugs do happen from time to time, we have to say that the number of bugs and issues popping up in iOS 11 is a bit alarming. It looks like the update also brought a new bug in HomeKit, as a recent iOS 11.2 vulnerability for Homekit has been discovered. HomeKit users should do not forget to install the latest update as soon as it arrives.