Apple Fixed iOS 11.2 Vulnerability That Allowed Unauthorized Access to HomeKit Devices

A HomeKit vulnerability in iOS 11.2 that allowed unauthorized access to HomeKit accessories that included smart locks has been fixed by Apple, the company told 9to5Mac in a statement today.

homekit

"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week."

To patch the vulnerability, which was reportedly difficult to reproduce, Apple disabled remote access for shared users, something the company says will be reintroduced in a software update that's set to be released early next week.

Apple was able to address the vulnerability server side as it affected the HomeKit framework rather than individual HomeKit products. Though the vulnerability impacted all HomeKit devices, it is of particular interest to HomeKit users with smart locks and other HomeKit-enabled devices that allow access to the home, as someone able to exploit this kind of problem could gain entry to a dwelling without a physical key.

9to5Mac says that Apple was first informed about the security issue and other related HomeKit vulnerabilities in October. Some of the problems were addressed in iOS 11.2 and watchOS 4.2, while the rest were fixed server side. HomeKit setups with at least one connected iPhone or iPad running iOS 11.2 and signed into a HomeKit user's iCloud account were impacted.

Since its launch in 2014, HomeKit has seen many major improvements and its adoption has grown steadily. A wide range of manufacturers have embraced HomeKit, and there are HomeKit lights, outlets, switches, thermostats, window coverings, fans, sensors, cameras, locks, and garage door openers.

August, Friday, Koogeek, Kwikset, Schlage, and Yale all make HomeKit-enabled smart locks that can be controlled via Siri voice commands and HomeKit apps.

Related Forum: iOS 11

Top Rated Comments

Wackery Avatar
54 months ago
apple software used to have a reputation
Score: 32 Votes (Like | Disagree)
ideal.dreams Avatar
54 months ago
Does Apple even have a quality assurance department at this point? The latest releases of iOS and macOS are downright embarrassing.

We share remote access in our family to access all of our HomeKit smart devices and now we're all unable to control our items until sometime next week. Absolutely ridiculous.
Score: 18 Votes (Like | Disagree)
MacFather Avatar
54 months ago
Deleted.
Score: 17 Votes (Like | Disagree)
alexhardaker Avatar
54 months ago
I miss Forstall.
I do too. He should have stayed at Apple and not got asked to leave. It really does show
Score: 11 Votes (Like | Disagree)
calzon65 Avatar
54 months ago
Apple's policy to rush out new versions of IOS each year is pathetic. Their quality control is complete garbage and before someone says, well IOS is a complex operating system having to support both current and many legacy devices ... I don't give a damn.

Apple used to stand for quality, but IOS has become a bloated operating system where the hype is always about new emojis. Apple needs to get off the annual release of major IOS versions and concentrate on efficiency and bug fixes.
Score: 11 Votes (Like | Disagree)
iLoveDeveloping Avatar
54 months ago
IT JUST WORKS.


Makes me sick!
Score: 10 Votes (Like | Disagree)

Popular Stories

intel vs m1 max chip purple

Benchmarks Confirm Intel's Latest Core i9 Chip Outperforms Apple's M1 Max With Several Caveats

Wednesday January 26, 2022 8:56 am PST by
Benchmark results have started to surface for MSI's new GE76 Raider, one of the first laptops to be powered by Intel's new 12th-generation Core i9 processor. Intel previously said that its new high-end Core i9 processor is faster than Apple's M1 Max chip in the 16-inch MacBook Pro and, as noted by Macworld, early Geekbench 5 results do appear to confirm this claim, but there are several...
General Dropbox Feature

macOS 12.3 Will Include Cloud Storage Changes Affecting Dropbox and OneDrive

Tuesday January 25, 2022 3:31 pm PST by
Dropbox today announced that users who update to macOS 12.3 once that software version becomes available may temporarily encounter issues with opening online-only files in some third-party apps on their Mac. In a support document and an email to customers, Dropbox said it is actively working on full support for online-only files on macOS 12.3 and will begin rolling out an updated version of...
Apple Watch Red Yellow Green Feature 1

Apple Launches Black Unity Braided Solo Loop With 'Unity Lights' Watch Face

Wednesday January 26, 2022 6:05 am PST by
Apple today announced the Black Unity Braided Solo Loop for the Apple Watch, as well as a new downloadable watch face, to celebrate Black History Month. Following the launch of the limited edition Black Unity Apple Watch Series 6 and Sport Band in 2021, Apple today launched the Black Unity Braided Solo Loop as part of its celebrations for Black History Month this year.Apple is launching a...
ios 15

Apple Releases iOS 15.3 and iPadOS 15.3 With Fix for Safari Bug That Leaks Browsing Activity

Wednesday January 26, 2022 10:00 am PST by
Apple today released iOS 15.3 and iPadOS 15.3, the third major updates to the iOS and iPadOS 15 operating systems that were released in September 2021. iOS and iPadOS 15.3 come almost two weeks after the release of iOS and iPadOS 15.2.1, minor bug fix updates. The iOS 15.3 and iPadOS 15.3 updates can be downloaded for free and the software is available on all eligible devices over-the-air in ...
iOS 15

Everything New in iOS 15.4 and iPadOS 15.4: Face ID With a Mask, Emojis, Apple Card Widget, Universal Control and More

Thursday January 27, 2022 12:08 pm PST by
Apple today seeded the first betas of iOS 15.4, iPadOS 15.4 to developers for testing purposes, adding a slew of new features to the latest iOS operating systems. iOS 15.4 is the biggest update that we've had to iOS 15 to date, and it brings Universal Control, Face ID with a mask, new emojis, and tons more. Face ID With a Mask With iOS 15.4, there is now an option to unlock your iPhone...
mobeewave

Upcoming iOS Update Will Allow iPhones to Accept Credit Cards Directly Using NFC

Wednesday January 26, 2022 6:00 pm PST by
Apple is working on a new payments service that will allow iPhones to accept payments directly on device with no additional hardware, reports Bloomberg. Right now, iPhones can accept credit cards with add-ons like the Square Reader, but Apple's new technology will eliminate the need for a third-party product. Individuals and small businesses will be able to accept payments with the tap of a...
macOS Monterey on MBP Feature

Apple Releases macOS Monterey 12.2 With Safari Vulnerability Fix

Wednesday January 26, 2022 10:19 am PST by
Apple today released macOS Monterey 12.2, the second major update to the macOS Monterey update that launched in October. macOS Monterey 12.2 comes over a month after the release of the 12.1 update, which brought SharePlay support. The ‌‌‌macOS Monterey 12.2‌‌ update can be downloaded on all eligible Macs using the Software Update section of System Preferences. Apple has also...