Apple will fix a major flaw in HomeKit that allows to control the connected accessories remotely

An important security vulnerability has been detected in iOS 11.2, it concerns HomeKit. A malicious person can take remote control of connected objects from a house without the user being aware. Apple was warned of the flaw, discovered by 9to5Mac, and began doing what was needed. This is a zero-day flaw.

 

The site does not detail the flaw because it could be exploited by malicious people around the world and this is not the goal. However, he adds that it is complicated to reproduce and that Apple has made a remote modification to prevent unauthorized access to HomeKit objects, such as connected locks, lamps that are controlled from their iPhone, blinds, and more. again. However, this change disables the feature that lets you share access to a connected object with other users.

Apple will release an update of iOS 11.2 (most likely iOS 11.2.1) early next week to actually block the flaw and restore disabled features. The flaw does not exist at the level of connected objects, but at the level of the framework of HomeKit in iOS.

Interestingly enough, Apple has been warned of some more or less similar flaws in HomeKit in late October and some have been fixed with iOS 11.2. But some still exist, including the one unveiled today. In any case, we note that Apple connects the gaffes lately