IOS HomeKit bug exposed smart locks to unauthorized access

Specific details of the vulnerability was not shared, but 9to5Mac reported on the issue publicly only after hearing from Apple a fix had been in place.

A new HomeKit zero day bug lets attackers remotely access and control your smart home devices.

Currently, no information on the vulnerability itself has been given, but the news outlet reported that it was hard to reproduce. The most serious ramification of this vulnerability prior to the fix is unauthorized remote control of smart locks and connected garage door openers, the former of which was demonstrated to 9to5Mac. It reportedly required at least one iOS device running iOS 11.2 connected to a user's iCloud account. This portion of the vulnerability was specifically demonstrated first-hand to 9to5Mac, the publication wrote. "The issue affecting HomeKit users running iOS 11.2 has been fixed", an Apple spokesperson said in a statement. The problem isn't with any individual smart home device, but with the HomeKit protocol itself. As such, users will need to take no immediate action to patch the vulnerability and protect their security. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week. For the time being, it also means that users with 11.2 wont have all of the standard remote HomeKit functionality, until Apple rolls out something more permanent next week.

The tvOS and watchOS updates were released on December 4 and 5, respectively, and contain the same fixes: for the aforementioned kernel bugs and a memory corruption issue in IOSurface, which could have allowed a malicious application to execute arbitrary code with kernel privileges. Earlier versions of iOS are not affected by the bug.

Related:

Comments

Latest news

Coutinho gives an update on his future that will worry Liverpool fans
From where I see it, he is more comfortable inside, but the good thing about this player is that he can play in several positions. What will happen in January, we will know it in January.

Man United to Give Mourinho Budget of €90M for January Transfer Window
United turned the game around with two goals in two minutes from Romelu Lukaku and Marcus Rashford to progress to the last 16 as Group A winners.

Market player: CenterPoint Energy, Inc. (CNP) ,Crown Castle International Corp. (REIT) (CCI)
Washington-based Cornerstone Advisors has invested 0.14% in Crown Castle International Corp. (NYSE:REIT) or 133,210 shares. Out of 2 Wall Street analysts rating American Assets Trust, 2 give it "Buy", 0 "Sell" rating , while 0 recommend "Hold".

'There's always a Christmas,' says tree grower in face of proclaimed shortage
The grim holidays of that year's season meant fewer people were buying trees, and growers weren't planing as many new ones. Now, I'm not pointing any fingers, but it is pretty fishy to me that somehow the top has just magically gone missing.

Coordinará Nuño campaña de Meade
Quien es, añadió, "columna vertebral de este nuevo sistema educativo". "Ha sido pieza fundamental para que todos los logros en educación se hayan hecho realidad", aseveró.

Other news