Apple has been making news headlines in the past few weeks for security issues in its iOS and macOS products. It appears the company's HomeKit wasn't safe from security problems too. Apple has, however, remained particularly responsive over these latest issues. After the bug in the HomeKit was reported to the Cupertino iPhone maker, Apple issued an emergency patch to address the security flaws.
Report claims zero-day iOS HomeKit vulnerability allowed remote access to smart accessories
According to a report published by 9to5Mac, Apple's HomeKit framework has a security vulnerability that enables unauthorized access to connected smart devices, such as smart lights, thermostats, and plugs. While the publication hasn't shared any specific details, it said that the "issue was not with smart home products individually but instead with the HomeKit framework itself that connects products from various companies."
It also added that attackers would need to have at least one iPhone or iPad on iOS 11.2 connected to the HomeKit user’s iCloud account to exploit this vulnerability. Apparently, earlier versions of iOS cannot be used to exploit this bug. Apple has said that it has fixed the bug temporarily. A more permanent fix will be released next week.
“The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”
The disclosure - while coming along with the news of a fix - is yet another addition to the increasing list of bugs in Apple's products and services. Only last week, a massive security issue was discovered in macOS High Sierra that enabled anyone with physical access to a machine to gain root access of a Mac.