Technology HomeKit is the latest Apple product to have a serious security flaw

01:27  08 december  2017
01:27  08 december  2017 Source:   bgr.com

The iPhone X will be delivered to your door in just a week

  The iPhone X will be delivered to your door in just a week A week after iPhone X shipping estimates dropped to 1-2 weeks, Apple has further improved delivery times for its best iPhone ever, practically guaranteeing iPhone users they’ll be able to buy the handset in time for Christmas. The current shipping estimate on Apple’s US online store is December 8th, meaning that Apple needs just a week to fulfill your order. You still can buy an iPhone X with same-day pickup in most Apple retail stores. And carriers may also have stock. But if you want to have it delivered to your door the good news is that you only have to wait about a week.

The serious security issues have already been fixed via a server-side patch by Apple , and an update to iOS 11. That flaw was publicly disclosed while it was still live; in the case of this HomeKit bug, it seems that 9to5Mac kept it quiet until Apple had a chance to fix it.

Apple Continues to Deal with Software Issues - After macOS and iOS, HomeKit Is the Latest Product to Have a Serious Security Bug. Zero day remote access flaw has been discovered in HomeKit framework.

a close up of a piece of paper © Provided by BGR

A zero-day vulnerability with Apple’s HomeKit exposed users’ smart door locks and garage-door openers to hackers, 9to5Mac reports. The serious security issues have already been fixed via a server-side patch by Apple, and an update to iOS 11.2 is coming in the near future to fix any broken functionality.

The site reports that a “HomeKit vulnerability in the current version of iOS 11.2 has been demonstrated to 9to5Mac that allows unauthorized control of accessories including smart locks and garage door openers.” It describes the bug as “difficult to reproduce,” but said that it potentially “allowed unauthorized control of HomeKit-connected accessories including smart lights, thermostats, and plugs.”

How the classic Palm Pre figures into the Apple-Qualcomm spat

  How the classic Palm Pre figures into the Apple-Qualcomm spat Qualcomm owns several patents related to Palm and webOS, and is accusing the iPhone of copying its user interface.The same day that Apple filed a countersuit against Qualcomm, alleging that the chipmaker illegally used Apple battery management technology in Snapdragon processors that went into rival phones, Qualcomm filed three new complaints relating to 16 additional patents against Apple, including asking for the iPhone X to be banned.

The serious security problems have already been fastened by the use of a server-side patch by way of Apple , and an replace to iOS 11.2 is coming That flaw was once publicly disclosed whilst it was once nonetheless are living; in the case of this HomeKit worm, it sort of feels that 9to5Mac saved it quiet till

9to5Mac said that “the vulnerability needed at minimum just one Apple iphone or iPad on iOS 11.two, the latest edition of Apple ’s cellular working technique, linked to the HomeKit user’s iCloud account,” which is not specifically simple. Even so, any security flaw that most likely presents a stranger

Users don’t need to run around unplugging all HomeKit-connected devices: 9to5Mac says that Apple has already deployed a server-side update that fixes the bug, which was in the HomeKit service, rather than the code on individual client devices.

The disclosure of another bad security flaw comes at a terrible time for Apple. Just last week, developers found a major flaw in macOS High Sierra that allowed anyone to gain root access to a locked Mac, using no advanced knowledge and seconds of physical access to the machine. That flaw was publicly disclosed while it was still live; in the case of this HomeKit bug, it seems that 9to5Mac kept it quiet until Apple had a chance to fix it.

In a comment to 9to5Mac, Apple said “the issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”

Although the exact nature of the bug hasn’t been disclosed, it sounds far more finnicky than the macOS High Sierra root bug. 9to5Mac said that “the vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple’s mobile operating system, connected to the HomeKit user’s iCloud account,” which isn’t exactly easy. However, any security flaw that potentially gives a stranger access to your hack is bad news for Apple and the trustworthiness of smart home accessories in general.

iMac Pro will be available Dec. 14 .
Apple says the new high-end all-in-one will go on sale Thursday.First announced in June, the new iMac Pro will drop later this week.

—   Share news in the SOC. Networks

Topical videos:

This is interesting!