Apple Fixed iOS 11.2 Vulnerability That Allowed Unauthorized Access to HomeKit Devices

A HomeKit vulnerability in iOS 11.2 that allowed unauthorized access to HomeKit accessories that included smart locks has been fixed by Apple, the company told 9to5Mac in a statement today.

homekit

"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week."

To patch the vulnerability, which was reportedly difficult to reproduce, Apple disabled remote access for shared users, something the company says will be reintroduced in a software update that's set to be released early next week.

Apple was able to address the vulnerability server side as it affected the HomeKit framework rather than individual HomeKit products. Though the vulnerability impacted all HomeKit devices, it is of particular interest to HomeKit users with smart locks and other HomeKit-enabled devices that allow access to the home, as someone able to exploit this kind of problem could gain entry to a dwelling without a physical key.

9to5Mac says that Apple was first informed about the security issue and other related HomeKit vulnerabilities in October. Some of the problems were addressed in iOS 11.2 and watchOS 4.2, while the rest were fixed server side. HomeKit setups with at least one connected iPhone or iPad running iOS 11.2 and signed into a HomeKit user's iCloud account were impacted.

Since its launch in 2014, HomeKit has seen many major improvements and its adoption has grown steadily. A wide range of manufacturers have embraced HomeKit, and there are HomeKit lights, outlets, switches, thermostats, window coverings, fans, sensors, cameras, locks, and garage door openers.

August, Friday, Koogeek, Kwikset, Schlage, and Yale all make HomeKit-enabled smart locks that can be controlled via Siri voice commands and HomeKit apps.

Related Forum: iOS 11

Top Rated Comments

Wackery Avatar
61 months ago
apple software used to have a reputation
Score: 32 Votes (Like | Disagree)
ideal.dreams Avatar
61 months ago
Does Apple even have a quality assurance department at this point? The latest releases of iOS and macOS are downright embarrassing.

We share remote access in our family to access all of our HomeKit smart devices and now we're all unable to control our items until sometime next week. Absolutely ridiculous.
Score: 18 Votes (Like | Disagree)
MacFather Avatar
61 months ago
Deleted.
Score: 17 Votes (Like | Disagree)
alexhardaker Avatar
61 months ago
I miss Forstall.
I do too. He should have stayed at Apple and not got asked to leave. It really does show
Score: 11 Votes (Like | Disagree)
calzon65 Avatar
61 months ago
Apple's policy to rush out new versions of IOS each year is pathetic. Their quality control is complete garbage and before someone says, well IOS is a complex operating system having to support both current and many legacy devices ... I don't give a damn.

Apple used to stand for quality, but IOS has become a bloated operating system where the hype is always about new emojis. Apple needs to get off the annual release of major IOS versions and concentrate on efficiency and bug fixes.
Score: 11 Votes (Like | Disagree)
iLoveDeveloping Avatar
61 months ago
IT JUST WORKS.


Makes me sick!
Score: 10 Votes (Like | Disagree)

Popular Stories

Apple Watch Series 7 Starlight Midnight

Standard Apple Watch Series 8 Rumored to Feature Same Design as Series 7

Friday August 5, 2022 7:46 am PDT by
The standard 41mm and 45mm models of the Apple Watch Series 8 will feature the same design as the Apple Watch Series 7, according to Twitter user @ShrimpApplePro, who was first to reveal that iPhone 14 Pro models would feature a new pill-and-hole display. Titanium will not be an option for the standard Apple Watch Series 8 models either, according to @ShrimpApplePro, but Bloomberg's Mark...
cook sept 2020 event

Gurman: Apple Preparing Pre-Recorded iPhone 14 and Apple Watch Series 8 Event

Sunday August 7, 2022 6:13 am PDT by
Apple has "started to record" its virtual September event, where it's expected to announce the upcoming iPhone 14 lineup, the Apple Watch Series 8, and a new "rugged" Apple Watch model, according to Bloomberg's Mark Gurman. Writing in his latest Power On newsletter, Gurman says the event, which is expected to take place in the early part of September, is already under production, implying...
iPhone 14 Pro Purple Front and Back MacRumors Exclusive

Five iPhone 14 Rumors You May Have Missed

Thursday August 4, 2022 6:05 am PDT by
With August upon us, the countdown is officially on. We're just weeks away from when we're expecting Apple to announce the iPhone 14 lineup. Rumors of the next iPhone start early in the year, and as a result, some details about the upcoming device sometimes get lost in the crowd. Exclusive MacRumors iPhone 14 Pro renders by graphic designer Ian Zelbo To help MacRumors readers, we've created a ...
banish safari app pop ups

New iOS App Blocks Those Annoying 'Open in App' Pop-Ups in Safari

Friday August 5, 2022 2:47 am PDT by
You've probably experienced visiting a website like Reddit or LinkedIn on your iPhone only to be greeted with an annoying, almost full-screen pop-up urging you to view the content in their app instead of on the website. It's a common practice for websites that have accompanying iOS apps to push users to open (if they already have the app installed) or download their app from the App Store to ...
top stories 7aug22

Top Stories: iPadOS 16 Delayed, iPhone 14 Pro Rumors, Studio Display Speaker Issues

Saturday August 6, 2022 6:00 am PDT by
The big Apple news this week was word that the upcoming iPadOS 16 update apparently won't be arriving alongside its counterpart update for the iPhone in September, largely due to a need to continue refining the new Stage Manager multitasking feature. Other popular stories this week included more hints about the iPhone 14 Pro's rumored always-on display, potential design leaks for the...