Apple has already fixed a major vulnerability on HomeKit, its iOT platform for iOS that lets you control bulbs, doors, thermostats, and other smart things in the home.
Discovered by 9to5Mac, the crash allowed anyone to access any device controlled by the app. The person could turn off the light in the living room, open the garage door or unlock the front door if the equipment was connected to HomeKit.
Although severe, 9to5Mac points out that the vulnerability was difficult to reproduce and is found in the HomeKit framework itself, not some specific IoT device. For security reasons, they did not give details of what happened.
One possibility is that the failure was tied to the HomeKit remote access feature, where you can allow guests to control the devices of a home from their Apple ID.
The reason is simple: The bug has already been fixed by Apple but coincidentally disables HomeKit remote access. According to the company, an update next week should make the appeal come back.
Last week, it was MacOS High Sierra’s turn to get caught up in a serious security flaw. The vulnerability allowed any user to change some important settings or write to a protected folder using root access, even without a password. On the same day. the company has released an emergency update that addresses the vulnerability.