Apple Fixes iOS 11.2 HomeKit Flaw; Allowed Unauthorized Remote Access to Homes


9to5Mac reports on an iOS 11.2 flaw in HomeKit that allowed unauthorized remote access to devices, as demonstrated to the publication. Apple was informed of the HomeKit vulnerability (dating back to October) and fixed it server-side temporarily, with a full fix coming in an iOS update next week.

As per Zac Hall from 9to5Mac:

A HomeKit vulnerability in the current version of iOS 11.2 has been demonstrated to 9to5Mac that allows unauthorized control of accessories including smart locks and garage door openers. Our understanding is Apple has rolled out a server-side fix that now prevents unauthorized access from occurring while limiting some functionality, and an update to iOS 11.2 coming next week will restore that full functionality.


The issue was in the HomeKit framework itself and not in individual smart home products. The exploit required an iPhone or iPad running iOS 11.2 and signed in to a user’s iCloud account. Specific details of the vulnerability were not shared, and 9to5Mac reported on the issue publicly only after hearing from Apple that a fix was in place.

The iPhone maker said in a statement, “The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”


  • speedracer99

    With all the security vulnerabilities from Apple these days, e.g. the Mac root issue etc. and now HomeKit, it’s clear their Quality Assurance team has had budget cuts or they are simply incompetent. Such serious issues should never go undetected!!!

  • Janker

    That’s a utopian view of the world but not remotely realistic or attainable. Software is created by imperfect humans, and is getting incredibly complex, so there will always be issues. Having a process to catch them and fix them quickly is key, and Apple appears to have that.

  • speedracer99

    Having a root account with no password should never have happened. It’s Q.A. 101 fundamentals. Sure they corrected it, but it should never have even been an issue. This is Apple, not some Ma & Pa shop developer.