• Home
  • News
  • Artificial Intelligence
  • Internet of Things
  • Open Source
  • Hardware
  • Software
  • Security
  • Resources
  • Industry Voice
  • Data Strategy Spotlight
  • Newsletters
  • Resources
    • Inqlogo 120x194
      Five things you should look for in choosing a Testing provider

      Choosing a Testing Partner can be complex.  So what do you look for?  This guide offers insight into the qualities you must look for in choosing a Testing provider.  Download now to learn more.

      Download
      Inqlogo 120x194
      Your questions answered: How to protect your data in the cloud

      The number of successful cyberattacks per year per company has increased by 46% over the last four years. But what really needs to be considered when exploring a solution? What questions need to be asked? Download to find out...

      Download
      Find resources
      Search by title or subject area
      View all resources
  • Follow us
    • RSS
    • Twitter
    • LinkedIn
    • Newsletters
    • Facebook
    • Google+
    • YouTube
  • Newsletter
  • Industry Voice
  • Data Strategy Spotlight
The Inquirer
The Inquirer
  • Home
  • News
  • Artificial Intelligence
  • Internet of Things
  • Open Source
  • Hardware
  • Software
  • Security
The Inquirer
  • Security

Apple fixes bug in HomeKit app that could allow hackers into your house

An update coming to iOS 11.2 next week will restore full functionality

apple-homekit.jpg
  • Lee Bell
  • Lee Bell
  • @llebeel
  • 08 December 2017
  • Tweet  
  • Facebook  
  • Google plus  
  •  
  •  
  • Send to  
0 Comments

A SECURITY VULNERABILITY has been uncovered in Apple's connected home app, Homekit

Present in the current version of iOS 11.2, the bug, which was demonstrated to 9to5Mac, allows unauthorised control of connected smart accessories.

According to 9to5Mac's source, the vulnerability was difficult to reproduce, and allowed unauthorised control of HomeKit-connected accessories including smart lights, thermostats, and plugs.

Although the flaw didn't concern connected smart home products, instead it was to do with the HomeKit framework itself that helps to connect the different products from various smart device makers.

Since making Apple aware of the bug, the firm has rolled out a server-side fix that now prevents unauthorised access from occurring while limiting some functionality. Apple said an update to iOS 11.2 will be coming next week and this will restore that full functionality.

"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week," Apple said in a statement to 9to5Mac.

The news of the HomeKit bug fix comes just a week after Apple issued a fix for the 'devastating' macOS High Sierra bug that allowed anyone to gain root access without a password.

The fix arrived as 'Security Update 2017-001', and is available to download from the Mac App Store, promising to plug the easy-to-exploit flaw.

In a statement, the firm said: "Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

"When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole.

The flaw let anyone gain admin rights on a macOS machine by typing "root" as the username in the authentication dialogue box, leaving the password fielding blank and clicking on the "unlock" button twice. µ

  • Tweet  
  • Facebook  
  • Google plus  
  •  
  •  
  • Send to  
  • Topics
  • Security
  • Apple
  • computer security

INQ Latest

EU aims to crush anti-competitive online behaviour with new law proposals
EU aims to crush anti-competitive online behaviour with new law proposals

Oh look, the EU is getting stuck into the workings of tech again

  • Friction
  • 26 April 2018
GPU crypto-mining slump could see prices drop by 25 per cent
GPU crypto-mining slump could see prices drop by 25 per cent

At last, the break gamers have been waiting for

  • Hardware
  • 26 April 2018
Telegram downloads in Russia have reportedly increased following ban
Telegram downloads in Russia have reportedly increased following ban

Users have flocked to VPN services to skirt the block, claims NordVPN

  • Communications
  • 26 April 2018
Facebook brushes off Cambridge Analytica scandal with record Q1 revenues
Facebook brushes off Cambridge Analytica scandal with record Q1 revenues

'Stick that in your #DeleteFacebook', smirks social network

  • Communications
  • 26 April 2018
Back to Top

Most read

OnePlus 6 release date, specs and price: OnePlus confirms Galaxy S9-esque 'Super Slo Mo' feature
OnePlus 6 release date, specs and price: OnePlus confirms Galaxy S9-esque 'Super Slo Mo' feature
Ubuntu 18.04 LTS arrives with Gnome desktop, improved AI and Nvidia GPU acceleration
Ubuntu 18.04 LTS arrives with Gnome desktop, Kuberflow and Nvidia GPU acceleration
iPhone X2: Intel will reportedly supply 70 per cent of Apple's LTE modems in 2018
iPhone X2: Intel will reportedly supply 70 per cent of Apple's LTE modems in 2018
iPhone X price, deals and news: Apple suppliers confirm iPhone X sales are plummeting
iPhone X price, deals and news: Apple suppliers confirm iPhone X sales are plummeting
Sky Q gets Spotify integration, a new UI and a promise of Smart TV apps and AI
Sky Q gets Spotify integration, a new UI and a promise of Smart TV apps and AI
  • Contact
  • Marketing solutions
  • Enterprise IT Events
  • About Incisive Media
  • Terms & conditions
  • Privacy policy
  • RSS
  • Twitter
  • LinkedIn
  • Newsletters
  • Facebook
  • Google+
  • YouTube

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017