IOS HomeKit Zero Day Lets Attackers Remotely Access Your Smart Home

The vulnerability apparently allowed unauthorized access to HomeKit connected devices like smart lights, smart locks and more.

On Thursday, 9to5Mac disclosed the bug, which it said was "difficult to reproduce".

A zero-day vulnerability with Apple's HomeKit exposed users' smart door locks and garage-door openers to hackers, 9to5Mac reports.

Cyclone Ockhi: Gujarat, Maharashtra on alert as IMD issues fresh warning
India's coast guard and navy have rescued about 223 fishermen and evacuated thousands of people from cyclone hit areas.

What's Ahead for OSI Systems, Inc. (OSIS) After Today's Big Increase?
Two equities research analysts have rated the stock with a hold rating and four have issued a buy rating to the company. It has outperformed by 39.95% the S&P500.The move comes after 8 months positive chart setup for the $1.24B company.

Rogers Evaluating Sale of Blue Jays, Cogeco Stake, CFO Says
A spokeswoman for Rogers, Sarah Schmidt, said on Wednesday that the company "would like to surface value and get credit" for its "terrific sports assets".

The issue didn't involve smart home products but instead the HomeKit framework itself.

Security updates for iTunes and Safari have also been pushed out, but details about the patched bugs are yet to be released - and there's no official explanation for the dalay.

The website is vague about how the attack worked, but said: "The vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple's mobile operating system, connected to the HomeKit user's iCloud account; earlier versions of iOS were not affected". Nevertheless, the publication saw a demo of the bug, which gave the attacker remote control over an Apple HomeKit-developed smart lock. However, this fix was not ready in time for iOS 11.2 and watchOS 4.2, which both arrived in early December. Just last week, developers found a major flaw in macOS High Sierra that allowed anyone to gain root access to a locked Mac, using no advanced knowledge and seconds of physical access to the machine. However, the fix does disable some of the HomeKit functionality for remote users, although the disruption to the service's functionality will be fixed in the future iOS update. "Owners need to be vigilant in monitoring for device updates if they choose to deploy these in their own homes", senior security researcher at Cylance, Jeff Tang, told IT Pro.

Recommended:

• 

  08 December 2017

  Over 20 die, several missing as boat capsizes in Pakistan

  The dead include five women and four children, while at least twenty others were pulled from the sea alive. The passengers were mostly pilgrims were travelling to attend an annual celebration of a sufi saint.
  

  08 December 2017

  Liberia court says presidential runoff vote can go ahead

  As a result the commission was prohibited from airing its views in public on "any matters which may grow out of the runoff election", Banks said.
  

  08 December 2017

  Gunmen kidnap son of PDP chairman

  Akans said the kidnappers have not contacted the family or PDP members. "Yes, it is true, the abductors of Hon Damishi T. However, the Kaduna State Police Command has said special forces had been dispatched to rescue Sango and four others.
• 

  08 December 2017

  College Football Playoff features familiar faces

  What if it was Ohio State the Tigers were playing, and Clemson beat the Buckeyes and went on to win the whole thing. Nick Chubb and Sony Michel have combined for more than 2,100 yards on the ground and 13 touchdowns apiece.
  

  08 December 2017

  Light snow in the forecast for NYC this weekend

  Some of our models are hinting at a final push of moisture that swings through overnight Friday into Saturday morning. Tomorrow: Temperatures will warm to just at freezing during the day tomorrow.
  

  08 December 2017

  Federal Bureau of Investigation director defends agency against Donald Trump's attacks

  As CNN reported , Strzok changed Comey's key description of Clinton's actions from "grossly negligent" to "extremely careless". His bosses, Attorney General Jeff Sessions and Rosenstein, remained publicly silent, leaving Wray to defend the agency.
• 

  08 December 2017

  Two teens killed in United States school shooting, attacker dead

  After reports of shooting, Deputies with the sheriff's office and surrounding police departments responded to the school. The city of Aztec is the county seat of San Juan County in northwest New Mexico in the Four Corners area.

  BHP Billiton (BLT) Receives "Hold" Rating from Jefferies Group

  Lafemina now expects that the mining company will earn $2.82 per share for the year, up from their previous estimate of $2.81. BHP Billiton presently has a consensus rating of Hold and an average price target of GBX 1,367.81 ($18.41).
  

  08 December 2017

  Britain and European Union reach historic deal on Brexit divorce terms

  The Government continues to insist it will not change the substance of what it says was agreed with the British government on Brexit earlier this week.
• 

  08 December 2017

  Wanna Go SLI With Titan V? NVLINK Bridge costs 599 Dollars

  We broke new ground with its new processor architecture, instructions, numerical formats, memory architecture and processor links. The Titan V is the first consumer grade GPU based around Nvidia's new Volta architecture and retails for 2 ,999 dollars.
  

  08 December 2017

  First Solar, Inc. (FSLR)

  Ontario - Canada-based Agf Investments America has invested 0.56% in First Solar, Inc . (NASDAQ: FSLR ) for 332,691 shares. For FSLR , the company now has 2.04 billion of cash on the books, which is offset by 13.45 million in current liabilities.
  

  08 December 2017

  Former USWNT star Hope Solo says she's running for US Soccer president

  Later, Nichols was pushed out by the USWNT players, who went on to sign a new collective bargaining agreement with U.S. Hope Solo (1) celebrates with her teammates after winning the 2015 Women's World Cup in a 5-2 victory over Japan.