Apple has quickly closed the door on a HomeKit vulnerability introduced in iOS 11.2, 9to5Mac reports.
The security flaw, demonstrated privately to 9to5Mac, allowed “unauthorized control of accessories including smart locks and garage door openers.” The report does not describe the vulnerability in detail and adds that it “was difficult to reproduce” but that it did allow access to pretty much any HomeKit-connected accessory once at least one iOS 11.2 device was connected to a HomeKit users’s iCloud account.
Apple has apparently rolled out a server-side fix immediately that closes the hole and temporarily disables remote access to shared users; an iOS update is expected next week that will properly fix the problem and restore remote shared access.
