According to 9to5Mac's source, the vulnerability was hard to reproduce, but allowed unauthorised control of HomeKit-connected accessories including smart lights, thermostats, and plugs.
A HomeKit vulnerability was found in the current version of iOS 11.2 that gave unauthorised access to connected smart devices like smart locks and garage door openers. To exploit the bug the attackers would need to know the email address associated with the Apple ID of the homeowner and knowledge of how the system worked. "The fix temporarily disables remote access to shared users, which will be restored in a software update early next week".
For now, Apple has applied a server-side fix that closes the vulnerability, but it has the side effect of breaking some HomeKit functionality. If there was one iPhone or iPad running iOS 11.2 connected to a HomeKit user's iCloud account, that account was vulnerable.
The disclosure of another bad security flaw comes at a awful time for Apple.
Bridge Constructor Portal revives Valve's murderous but lovable GlaDOS
Bridge Constructor Portal is expected to come out in two weeks, on the 20th of December, for PC, Android, and iOS. In it, players construct spans and supports to allow traffic to flow from one part of the level to another.
Trump Jr. Cites Attorney-Client Privilege In Russia Inquiry
In September, Trump Jr. told the Senate Judiciary Committee that he, Goldstone and Agalarov "never discussed the meeting again". Democrats reject Trump's privilege claim.
Same-sex marriage legalised in Australia
The Bill was opposed by only four members. "It is time for more marriages, more equality, more love". "What a day. In the end, 61.6% of Australia voted in favor of allowing same-sex marriage, with 38.4% saying "no".
The flaw in iOS software exposed key connected home hardware for unauthorized access. However, the vulnerability did not impact earlier versions of the operating system. Another update to iOS next week should eliminate the vulnerability and restore full functionality.
The issue was not with smart home products individually but instead with the HomeKit framework itself that connects products from various companies.The issue was not with smart home products individually but instead with the HomeKit framework itself that connects products from various companies.
In a statement, the firm said: "Security is a top priority for every Apple product, and regrettably we stumbled with this release of MacOS".