Apple has released iOS 11.2.1 for iPhone and iPad. The software update restores remote access in HomeKit for shared users, which was temporarily disabled last week to address a vulnerability in Apple’s smart home framework that allowed unauthorized access in certain circumstances. Apple has also released tvOS 11.2.1, which is likely related to the fix.
Last week, 9to5Mac reported on the vulnerability, which allowed unauthorized access to smart home accessories including locks and garage door openers, after seeing a demonstration in the shipping version of iOS 11.2.
Apple promptly resolved the issue server-side, so HomeKit users did not need to take any action to ensure security. The server-side fix temporarily disabled remote access for shared users in HomeKit, however, and users can update to the latest version of iOS to restore that functionality.
Here are the official release notes:
iOS 11.2.1 fixes bugs including an issue that could disable remote access to shared users of the Home app.
And here is what the security document describes:
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A remote attacker may be able to unexpectedly alter application state
Description: A message handling issue was addressed with improved input validation.
CVE-2017-13903: Tian Zhang
Both tvOS 11.2.1 and iOS 11.2.1 should be rolling out to all users now. Devices on beta versions may need to remove beta profiles and then reboot to see the updates.