iPhone XS and XS Max in silver, space gray, and gold.
Apple Fixed iOS 11.2 Vulnerability That Allowed Unauthorized Access to HomeKit Devices
A HomeKit vulnerability in iOS 11.2 that allowed unauthorized access to HomeKit accessories that included smart locks has been fixed by Apple, the company told 9to5Mac in a statement today.
Apple was able to address the vulnerability server side as it affected the HomeKit framework rather than individual HomeKit products. Though the vulnerability impacted all HomeKit devices, it is of particular interest to HomeKit users with smart locks and other HomeKit-enabled devices that allow access to the home, as someone able to exploit this kind of problem could gain entry to a dwelling without a physical key.
9to5Mac says that Apple was first informed about the security issue and other related HomeKit vulnerabilities in October. Some of the problems were addressed in iOS 11.2 and watchOS 4.2, while the rest were fixed server side. HomeKit setups with at least one connected iPhone or iPad running iOS 11.2 and signed into a HomeKit user's iCloud account were impacted.
Since its launch in 2014, HomeKit has seen many major improvements and its adoption has grown steadily. A wide range of manufacturers have embraced HomeKit, and there are HomeKit lights, outlets, switches, thermostats, window coverings, fans, sensors, cameras, locks, and garage door openers.
August, Friday, Koogeek, Kwikset, Schlage, and Yale all make HomeKit-enabled smart locks that can be controlled via Siri voice commands and HomeKit apps.
"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week."To patch the vulnerability, which was reportedly difficult to reproduce, Apple disabled remote access for shared users, something the company says will be reintroduced in a software update that's set to be released early next week.
Apple was able to address the vulnerability server side as it affected the HomeKit framework rather than individual HomeKit products. Though the vulnerability impacted all HomeKit devices, it is of particular interest to HomeKit users with smart locks and other HomeKit-enabled devices that allow access to the home, as someone able to exploit this kind of problem could gain entry to a dwelling without a physical key.
9to5Mac says that Apple was first informed about the security issue and other related HomeKit vulnerabilities in October. Some of the problems were addressed in iOS 11.2 and watchOS 4.2, while the rest were fixed server side. HomeKit setups with at least one connected iPhone or iPad running iOS 11.2 and signed into a HomeKit user's iCloud account were impacted.
Since its launch in 2014, HomeKit has seen many major improvements and its adoption has grown steadily. A wide range of manufacturers have embraced HomeKit, and there are HomeKit lights, outlets, switches, thermostats, window coverings, fans, sensors, cameras, locks, and garage door openers.
August, Friday, Koogeek, Kwikset, Schlage, and Yale all make HomeKit-enabled smart locks that can be controlled via Siri voice commands and HomeKit apps.
Tag: HomeKit
[ 112 comments ]
Top Rated Comments
(View all)
10 months ago
Does Apple even have a quality assurance department at this point? The latest releases of iOS and macOS are downright embarrassing.
We share remote access in our family to access all of our HomeKit smart devices and now we're all unable to control our items until sometime next week. Absolutely ridiculous.
We share remote access in our family to access all of our HomeKit smart devices and now we're all unable to control our items until sometime next week. Absolutely ridiculous.
10 months ago
Apple's policy to rush out new versions of IOS each year is pathetic. Their quality control is complete garbage and before someone says, well IOS is a complex operating system having to support both current and many legacy devices ... I don't give a damn.
Apple used to stand for quality, but IOS has become a bloated operating system where the hype is always about new emojis. Apple needs to get off the annual release of major IOS versions and concentrate on efficiency and bug fixes.
Apple used to stand for quality, but IOS has become a bloated operating system where the hype is always about new emojis. Apple needs to get off the annual release of major IOS versions and concentrate on efficiency and bug fixes.
10 months ago
I miss Forstall.
I do too. He should have stayed at Apple and not got asked to leave. It really does show
10 months ago
apple software used to have a reputation
It still does - just maybe not the same one you're referring to.
10 months ago
apple software used to have a reputation
It still does. It’s simply switched direction. :apple:
10 months ago
For all the people saying “No HomeKit, no buy” because of HomeKit’s top-notch security, just keep this incident in mind. There are almost surely other security holes lurking in the code just as there are in virtually every software. Apple needs to do some serious self-examination after the macOS and iOS bugs of late. Having 10 or 15 public betas is not a replacement for doing thorough, in-house code reviews and testing.
10 months ago
Wow, so much negativity against Apple. When Apple has full control of a product they usually do fantastic work. But in the case of HomeKit, Apple has had to contend with many third-party producers to tie their products into the HomeKit application. I am not surprised that there are not many more problems With third-party’s code stepping all over the Apple code and causing additional problems. At least Apple is pretty good at fixing the problems fast, once they are identified.
You read an article about a vulnerability in Homekit's framework but decided to post a comment throwing dirt on 3rd parties? I mean while we're at it, let's just blame the macOS hole and iOS issue on 3rd parties too. Not only do you unfairly disparage 3rd parties, you try to diminish Apple's culpability with "at least they are pretty good at fixing problems fast once they are identified". So they aren't at fault and they fix problems fast. Got it. We should be grateful.I gotta preemptively apologize. For some odd reason I am unnaturally and unreasonably triggered by your post. I think it's the blame others but praise Apple's quickness take that's got me sideways. It's either that or the fact that the cat keeps sticking her paw in my scotch glass and drinking from her claw. Little bit of column A, little of column B maybe. Sorry.
[ Read All Comments ]
With several of our recent giveaways focusing on Apple's new iPhone models that are launching today in the US and several other countries, today's giveaway goes back to the Mac. Rain Design...
Belkin today introduced its BOOSTUP Wireless Charging Dock for wirelessly charging an iPhone and Apple Watch at the same time. There is also a USB-A port for charging a third device like an iPad via...
Best Buy's one-day sale today is discounting a collection of Apple Watch Series 3 models (GPS + Cellular) that have been officially refurbished by Geek Squad. Prices for the aluminum models are...
Apple has launched a new iPhone XS and iPhone XS Max "experience" micro-site that puts its ".apple" top-level domain to use, as discovered on Reddit.
As noted by 9to5Mac's...
Microsoft has revealed that Skype is coming to Alexa devices. The partnership between Microsoft and Amazon means that owners of devices in Amazon's Echo range will soon be able to make outgoing...
In iOS 12, Apple added a new Effects camera in Messages that's similar to the live camera features in Snapchat and Instagram, allowing you to take a photo in the Messages app and then edit it...
Apple has given a straight-to-series order for drama series "Defending Jacob," which will star Chris Evans, known for his roles in "Captain America" and "The Avengers,"...
In iOS 12, Apple has introduced new password-related features that are designed to make it easier for iPhone and iPad users to create strong, secure, and unique passwords for app and website logins....
