Specific details of the vulnerability was not shared, but 9to5Mac reported on the issue publicly only after hearing from Apple a fix had been in place.
A new HomeKitzero day bug lets attackers remotely access and control your smart home devices.
Currently, no information on the vulnerability itself has been given, but the news outlet reported that it was hard to reproduce. The most serious ramification of this vulnerability prior to the fix is unauthorized remote control of smart locks and connected garage door openers, the former of which was demonstrated to 9to5Mac. It reportedly required at least one iOS device running iOS 11.2 connected to a user's iCloud account. This portion of the vulnerability was specifically demonstrated first-hand to 9to5Mac, the publication wrote. "The issue affecting HomeKit users running iOS 11.2 has been fixed", an Apple spokesperson said in a statement. The problem isn't with any individual smart home device, but with the HomeKit protocol itself. As such, users will need to take no immediate action to patch the vulnerability and protect their security. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week. For the time being, it also means that users with 11.2 wont have all of the standard remote HomeKit functionality, until Apple rolls out something more permanent next week.
The tvOS and watchOS updates were released on December 4 and 5, respectively, and contain the same fixes: for the aforementioned kernel bugs and a memory corruption issue in IOSurface, which could have allowed a malicious application to execute arbitrary code with kernel privileges. Earlier versions of iOS are not affected by the bug.
Livestreaming, New Games Coming to Facebook Messenger
The feature, powered by Facebook Live, lets Messenger users broadcast their gameplay to their Facebook Page or profile. Facebook also announced that it is rolling out support for livestreaming Facebook Messenger games, starting today.