IOS HomeKit Zero Day Lets Attackers Remotely Access Your Smart Home

HomeKit Hero

The bug requires at least one iPhone or iPad running iOS 11.2, connected to a person's iCloud account. That means, presumably, that the flaw was live for several weeks in current versions of iOS and watchOS before being addressed.

Details on how the vulnerability can be exploited were not released as the bug is still potentially exploitable.

Last time we described Apple's approach to security to be the same as leaving your door unlocked in a quiet area - OK until some-one nefarious comes along and actually tries the door. Other issues in this category were fixed server-side from Apple so end users needed to take no action.

Apple says it's issued a fix for an iOS security flaw that left key connect home hardware open to unauthorized third-party access. "The issue affecting HomeKit users running iOS 11.2 has been fixed", an Apple spokesperson said in a statement. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week. Just be sure to install the iOS update when it's released in order to regain the reduced functionality.

A zero-day Apple HomeKit vulnerability has been discovered that allows unauthorized remote access to smart accessories.

The tvOS and watchOS updates were released on December 4 and 5, respectively, and contain the same fixes: for the aforementioned kernel bugs and a memory corruption issue in IOSurface, which could have allowed a malicious application to execute arbitrary code with kernel privileges.

The existence of the vulnerability isn't necessarily damning for HomeKit as a product, but it does raise questions for users as to how much they should trust to the application.

Related News:



Most liked

California wind, fire danger hit unprecedented high
Los Angeles Mayor Eric Garcetti declared a state of emergency while 11 Los Angeles Unified schools canceled Wednesday classes. The fire was burning in the Hollywood Hills near the exclusive Bel Air neighborhood, home to many celebrities.

Johnson & Johnson (JNJ) Shares Bought by IFM Investors Pty Ltd
The company reported $1.83 earnings per share for the quarter, topping analysts' consensus estimates of $1.77 by $0.06. The Pennsylvania-based Conestoga Cap Advsrs Ltd Liability Corp has invested 0.03% in Johnson & Johnson (NYSE:JNJ).

Delhi International Film Festival Pays Tribute To Stalwarts Of The Entertainment Industry
Egyptian Wahid Hamid, who has been producing script for Arab TV and cinema for more than 40 years, was also rewarded. The festival was honoured by the presence of His Highness Sheikh Mansoor bin Mohammed bin Rashid Al Maktoum.

Champions League: United, Juve into Last 16; as Bayern Beat PSG
It's normal - first match of the season for him. "And he's going to get more because the performance was really positive". But Shaw took his chance last night, playing the full 90 minutes of United's 2-1 win over CSKA Moscow .

Hess Corporation (HES) Formed Bullish Inverse Head & Shoulders; Buyers Could Thrive
The oil and gas producer reported ($1.07) EPS for the quarter, beating the Zacks' consensus estimate of ($1.29) by $0.22. The fund owned 538,416 shares of the oil and gas producer's stock after selling 66,260 shares during the period.

Stephens Reports That They Have Downgraded PNC Financial (NYSE:PNC) Shares
Following the completion of the transaction, the insider now owns 20,449 shares of the company's stock, valued at $2,801,104.02. Typically, the higher the current ratio the better, as the company may be more capable of paying back its obligations.

BMO Capital Markets Reiterates Outperform Rating for Sage Therapeutics (SAGE)
The rating was upgraded by Chardan Capital Markets to "Buy" on Friday, November 10. (NASDAQ: SAGE ) earned "Hold" rating by H.C. Sage's shares crumbled in September when its lead drug failed to outperform a placebo in treating a rare form of seizures.

Destination Wealth Management Lowers Position in Stryker Corporation (NYSE:SYK)
The medical technology company reported $1.52 EPS for the quarter, beating analysts' consensus estimates of $1.50 by $0.02. Stryker has agreed to pay $24 per share for Entellus , a premium of about 50 percent from Wednesday's closing price.

Meek Mill Working Multiple Jobs in Prison for Little Pay
After another failed attempt to appeal Meek Mill's prison sentence, news leaked about the rapper's job life behind bars. Outside of the kitchen, Meek has access to electrical and carpentry shops and is on the waitlist for therapy classes.

Technicals in The Spotlight For Goodyear Tire Rubber (GT)
Tudor Corp Et Al owns 11,051 shares or 0.01% of their U.S. portfolio. 1St Global Advisors Incorporated reported 0.08% stake. The stock of The Goodyear Tire & Rubber Company (NASDAQ:GT) earned "Neutral" rating by Guggenheim on Wednesday, November 1.

Analyst's Predictions on Harley-Davidson, Inc. (HOG), QUALCOMM Incorporated (QCOM)
The stock of Oxford Industries, Inc. (NYSE:HOG) has "Underperform" rating given on Wednesday, October 19 by RBC Capital Markets. Ameritas Partners holds 0.01% in Harley-Davidson, Inc. (NYSE:HOG) on Wednesday, April 19 with "Sector Perform" rating.

Iranian teenager comes clean about her surgeries to look like Angelina Jolie
It comes as new "before" pictures of Sahar have emerged which show just how dramatic her transformation has been. While this bait went on the Internet for a week, Sahar has come forward reacting to the issue.

SeaWorld Entertainment, Inc. (SEAS)
Poplar Forest Capital Llc increased Aecom (NYSE:ACM) stake by 65,169 shares to 1.41 million valued at $45.53 million in 2017Q2. In a transaction dated August 24, 2017, the shares were bought at an average price of $13.32, giving away a sum of $4,488,840.

Blackrock New York Muni Trust (BQH): SuperTrend Above Stock Price
The last close places the company's stock about $6.55 off its 52 week high of $30.49 and $3.6 above the 52 week low of $20.34. Technical analysts may be interested in how Invesco Muni Income Trust (OIA) is trading in relation to some moving averages.

Geoff Keighley Teases Major New Announcement at The Game Awards
Games like Persona 5 , Super Mario Odyssey , and Horizon Zero Dawn jostle for awards such as Game of the Year. At 8:30 PM EST, the awards ceremony will begin, but you still have time to vote for your favorite games.