Apple has fixed a security flaw in its connected home app, HomeKit, which could have been exploited to enable unauthorised control of connected smart accessories.
The flaw is present in the current version of iOS 11.2 and was demonstrated to 9to5Mac. The fix will be rolled out next week.
According to 9to5Mac's source, the vulnerability was difficult to reproduce, but allowed unauthorised control of HomeKit-connected accessories including smart lights, thermostats, and plugs.
Although the flaw didn't concern connected smart home products, instead it was to do with the HomeKit framework itself that helps to connect the different products from various smart device makers.
Since making Apple aware of the bug, the firm has rolled out a server-side fix that now prevents unauthorised access from occurring while limiting some functionality. Apple said an update to iOS 11.2 will be coming next week and this will restore that full functionality.
"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week," Apple said in a statement to 9to5Mac.
The news of the HomeKit bug fix comes just a week after Apple issued a fix for the 'devastating' MacOS High Sierra bug that allowed anyone to gain root access without a password.
The fix arrived as 'Security Update 2017-001', and is available to download from the Mac App Store, promising to plug the easy-to-exploit flaw.
In a statement, the firm said: "Security is a top priority for every Apple product, and regrettably we stumbled with this release of MacOS.
"When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole.
The flaw let anyone gain admin rights on a MacOS machine by typing "root" as the username in the authentication dialogue box, leaving the password fielding blank and clicking on the "unlock" button twice.
Using photocatalysts to convert carbon dioxide into usable energy such as methane or ethane
Trained on curated data from Moorfields Eye Hospital, the neural network also shows clinicians how it reached its judgement
Yokohama National University demonstrate technology that could lead to a fault-tolerant universal quantum computer
Top-of-the-range Threadripper 2990WX now available from Scan, Ebuyer, Overclockers, Novatech and Amazon