Apple has fixed a bug in iOS 11.2 that allowed unauthorized access to HomeKit accessories including smart locks, the company told 9to5Mac in a statement.
"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week," an Apple spokesperson said.
Though the vulnerability impacted all HomeKit devices, it is of particular interest to HomeKit users with smart locks and other HomeKit-enabled devices that allow access to the home, as someone able to exploit this kind of problem could gain entry to a dwelling without a physical key.
As the fix is a server-side update, it means that the end-user doesn’t have to update anything for it to take effect. For the time being, it also means that users with 11.2 won’t have all of the standard remote HomeKit functionality, until Apple rolls out something more permanent next week.
The initial report doesn’t detail the specifics of the exploit in its post, only noting that, “The vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple’s mobile operating system, connected to the HomeKit user’s iCloud account.” This issue follows a High Sierra bug discovered last month that allowed users to gain admin access without a password.