Apple has fixed a vulnerability in its HomeKit internet-of-things platform that allowed a hacker to take remote control of users’ gadgets, including smart locks.
9to5Mac first wrote about the vulnerability, which it says is “difficult to reproduce.” Still, it was dangerous. If there was one iPhone or iPad running iOS 11.2 connected to a HomeKit user’s iCloud account, that account was vulnerable. An attacker could potentially tamper with a user’s smart lights or thermostats, or — even worse — open their garage or even their front door if it had a HomeKit-enabled smart lock.
Apple told 9to5Mac, “The issue affecting HomeKit users running iOS 11.2 has been fixed.” However, “The fix temporarily disables remote access to shared users, which will be restored in a software update early next week,” an Apple spokesperson said.
Fortunately for users, there’s nothing they need to do at this time — their HomeKits are already safe from hackers (at least from any known bugs).
Apple’s on a good run lately.
To recap, users in the last month had:
– Bug that let anyone be root with an empty password
– Fixed that bug then un-fixed in another update
– Bug that autocorrected “I” to [?]
– Bug that exposed HomeKit
– Bug that broke file sharing
— Internet of Shiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiit (@internetofshit) December 8, 2017
Bugs do happen, and IoT gadgets like smart locks definitely aren’t immune to them, but it appears Apple has really dropped the ball recently when it comes to the security of its products.
In October, Apple fixed a macOS High Sierra bug that exposed the user’s password in plain text in certain scenarios. Late last month, the company fixed another embarrassing macOS bug — one that enabled anyone to easily gain administrator access to a Mac. Even though Apple publicly apologized for that bug and promised to tighten up security, that fix contained another bug, which temporarily broke file sharing for some users.