Developer: iOS and watchOS update made HomeKit less secure
The finder of the HomeKit bug that allowed remote takeover of devices says an update from Apple after reporting the bug only made the problem worse. Apple recently released a fix.
Under iOS 11.1 and watchOS 4.1, an attacker had to hope that the victim owned an Apple Watch; under iOS 11.2 that was no longer necessary. After that update, an iPhone was enough to obtain the unique codes used to control the victim's HomeKit devices, writes Khaos Tian on Medium.
Under iOS 11.2, the 'home manager' did not check whether the sender of a message was the owner of the HomeKit devices; it simply sent the codes that control the devices back to whoever asked, including a malicious party.
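The flaw described above is a missing authorization check: a sensitive response (the device control codes) was handed out without verifying that the requester was entitled to it. The following Python model is an added illustration and is not Apple's code or the researcher's; the `Home`, `ControlMessage` and audit-log shapes, the notion of a "shared user", and the sample control code values are all assumptions made for the example. It places a handler that mirrors the flaw next to a hardened one that denies by default and records refused requests for detection.

```python
from dataclasses import dataclass, field


@dataclass
class Home:
    """Assumed model of a HomeKit home: an owner, invited users, and per-device secrets."""
    owner: str
    shared_users: set = field(default_factory=set)
    # Constructed sample values standing in for the per-device control codes.
    control_codes: dict = field(default_factory=dict)


@dataclass
class ControlMessage:
    """Assumed shape of an incoming request: who sent it and which home it targets."""
    sender: str
    home_id: str


# Constructed sample registry: one home owned by alice, shared with bob.
HOMES = {
    "home-1": Home(
        owner="alice",
        shared_users={"bob"},
        control_codes={"front-door-lock": "code-lock-0001", "garage": "code-garage-0002"},
    ),
}


class NotAuthorized(Exception):
    """Raised when a request is refused; callers get no detail about why."""


def handle_vulnerable(msg, homes=HOMES):
    """Mirrors the article's flaw: looks up the home and returns the codes
    without ever asking who sent the message."""
    home = homes[msg.home_id]
    return home.control_codes


def is_authorized(sender, home):
    """Owner or an explicitly shared user may receive control codes; nobody else."""
    return sender == home.owner or sender in home.shared_users


def handle_fixed(msg, homes=HOMES, audit=None):
    """Hardened handler: deny by default, use one failure path for unknown
    homes and unauthorized senders, and log refusals for detection."""
    home = homes.get(msg.home_id)
    if home is None or not is_authorized(msg.sender, home):
        if audit is not None:
            audit.append(f"denied sender={msg.sender} home={msg.home_id}")
        raise NotAuthorized("request refused")
    # Return a copy so callers cannot mutate the stored secrets.
    return dict(home.control_codes)


if __name__ == "__main__":
    log = []
    stranger = ControlMessage(sender="mallory", home_id="home-1")
    print("vulnerable handler leaks:", handle_vulnerable(stranger))
    try:
        handle_fixed(stranger, audit=log)
    except NotAuthorized:
        print("fixed handler refused; audit log:", log)
```

The single failure path matters: distinguishing "no such home" from "not your home" would let an unauthorized sender enumerate which home identifiers exist, so both cases raise the same `NotAuthorized` and the distinction lives only in the audit log a defender reads.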
Before rolling out a fix last week, Apple disabled the remote control feature to prevent exploitation of the vulnerability. Tian further writes that he reported the vulnerability at the end of October. When a fix did not come, he teamed up with 9to5Mac to publish it, and Apple acted quickly and disabled the feature within two days.