Apple has fixed a security flaw in its connected home app, HomeKit, which could have been exploited to enable unauthorised control of connected smart accessories.
The flaw is present in the current version of iOS 11.2 and was demonstrated to 9to5Mac. The fix will be rolled out next week.
According to 9to5Mac's source, the vulnerability was difficult to reproduce, but allowed unauthorised control of HomeKit-connected accessories including smart lights, thermostats, and plugs.
Although the flaw didn't concern connected smart home products, instead it was to do with the HomeKit framework itself that helps to connect the different products from various smart device makers.
Since making Apple aware of the bug, the firm has rolled out a server-side fix that now prevents unauthorised access from occurring while limiting some functionality. Apple said an update to iOS 11.2 will be coming next week and this will restore that full functionality.
"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week," Apple said in a statement to 9to5Mac.
The news of the HomeKit bug fix comes just a week after Apple issued a fix for the 'devastating' MacOS High Sierra bug that allowed anyone to gain root access without a password.
The fix arrived as 'Security Update 2017-001', and is available to download from the Mac App Store, promising to plug the easy-to-exploit flaw.
In a statement, the firm said: "Security is a top priority for every Apple product, and regrettably we stumbled with this release of MacOS.
"When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole.
The flaw let anyone gain admin rights on a MacOS machine by typing "root" as the username in the authentication dialogue box, leaving the password fielding blank and clicking on the "unlock" button twice.
Wikileaks Vault 7 suspect Joshua Schulte fingered by FBI after re-using smartphone passwords on his PCs
Joshua Schulte indicted on 13 counts relating to Vault 7 leaks and trading in images of child abuse
Alexa for Hospitality will link with existing systems so guests can order room service and control the air con
Massive volcanic eruptions could have warmed Mars' surface sufficiently for oceans to form
Examination of fruit flies' brains generated more than one billion data points for scientists to analyse