HomeKit is the latest Apple product to have a serious security flaw

A HomeKit zero-day has affected Apple customers

The flaw is a hole in the software that lets any outside party control HomeKit accessories, which can range from lights to door locks.

The unauthorized access points to a significant security vulnerability that Apple's development team allowed to slip through the cracks. Apple says that the reduced functionality will be restored with an iOS 11.2 update next week. Getting that functionality back will require updating to the latest version of iOS.

Details on how the vulnerability can be exploited were not released, as the bug is still potentially exploitable. The problem isn't with any individual smart home device, but with the HomeKit protocol itself. Apple has already put in a server-side fix that rectifies the issue, but the fix also disables remote access for shared users. It's an iOS 11.2 bug that Apple has already fixed via a server patch, and an update to iOS 11.2 will come next week that fixes the other end of the bug on iOS devices (via 9To5Mac).

Last time we described Apple's approach to security as being the same as leaving your door unlocked in a quiet area - OK until someone nefarious comes along and actually tries the door.

Troublingly, the issue discovered in iOS 11.2 is believed to have been known by Apple since October, when security researchers reportedly informed the company of the vulnerabilities. If an attacker can unlock a user's home through the app or do damage by adjusting thermostats or turning on appliances, users may have second thoughts about connecting those devices.