Apple has fixed a security flaw in its connected home app, HomeKit, which could have been exploited to enable unauthorised control of connected smart accessories.
The flaw is present in the current version of iOS 11.2 and was demonstrated to 9to5Mac. The fix will be rolled out next week.
According to 9to5Mac's source, the vulnerability was difficult to reproduce, but allowed unauthorised control of HomeKit-connected accessories including smart lights, thermostats, and plugs.
Although the flaw didn't concern connected smart home products, instead it was to do with the HomeKit framework itself that helps to connect the different products from various smart device makers.
Since making Apple aware of the bug, the firm has rolled out a server-side fix that now prevents unauthorised access from occurring while limiting some functionality. Apple said an update to iOS 11.2 will be coming next week and this will restore that full functionality.
"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week," Apple said in a statement to 9to5Mac.
The news of the HomeKit bug fix comes just a week after Apple issued a fix for the 'devastating' MacOS High Sierra bug that allowed anyone to gain root access without a password.
The fix arrived as 'Security Update 2017-001', and is available to download from the Mac App Store, promising to plug the easy-to-exploit flaw.
In a statement, the firm said: "Security is a top priority for every Apple product, and regrettably we stumbled with this release of MacOS.
"When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole.
The flaw let anyone gain admin rights on a MacOS machine by typing "root" as the username in the authentication dialogue box, leaving the password fielding blank and clicking on the "unlock" button twice.
Google already claims to carry as much as 25 per cent of global internet traffic
Oracle's 237-fix Patch Tuesday comprises patches for critical flaws in MICROS retail systems and Oracle E-Business Suite
Fusion Middleware, PeopleSoft and MySQL also patched in Oracle's latest Critical Patch Update
Hopefully, the rumoured Sony Xperia XZ Pro will be more of a looker than some of its recent offerings
Campaigners claim that 49 senators have now pledged to vote against Bill to repeal net neutrality in the US