Apple fixes bug in HomeKit app that could allow hackers into your house
An update coming to iOS 11.2 next week will restore full functionality
A SECURITY VULNERABILITY has been uncovered in Apple's connected home app, Homekit
Present in the current version of iOS 11.2, the bug, which was demonstrated to 9to5Mac, allows unauthorised control of connected smart accessories.
According to 9to5Mac's source, the vulnerability was difficult to reproduce, and allowed unauthorised control of HomeKit-connected accessories including smart lights, thermostats, and plugs.
Although the flaw didn't concern connected smart home products, instead it was to do with the HomeKit framework itself that helps to connect the different products from various smart device makers.
Since making Apple aware of the bug, the firm has rolled out a server-side fix that now prevents unauthorised access from occurring while limiting some functionality. Apple said an update to iOS 11.2 will be coming next week and this will restore that full functionality.
"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week," Apple said in a statement to 9to5Mac.
The news of the HomeKit bug fix comes just a week after Apple issued a fix for the 'devastating' macOS High Sierra bug that allowed anyone to gain root access without a password.
The fix arrived as 'Security Update 2017-001', and is available to download from the Mac App Store, promising to plug the easy-to-exploit flaw.
In a statement, the firm said: "Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
"When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole.
The flaw let anyone gain admin rights on a macOS machine by typing "root" as the username in the authentication dialogue box, leaving the password fielding blank and clicking on the "unlock" button twice. µ
INQ Latest
GitHub Universe kicks off with a range of new developer tools
And a cat with eight legs
UK gov ploughs on with plans for mandatory porn age checks
Accessing online grot will require stating your age before the fun starts
Apple cracks down on 'scammy' apps that manipulate subscription model
Comes after report names and shames apps using 'dark patterns' to trick users
ARM's Neoverse chips take aim at servers, IoT infrastructure and, er, Intel
Brit chip designer wants its chips in data centres and beyond
Most read
