Apple has released iOS 11.2.1 for iPhone and iPad. The software update restores remote access in HomeKit for shared users which was temporarily disabled last week to address a vulnerability in Apple’s smart home framework that allowed unauthorized access in certain circumstances. Apple has also released tvOS 11.2.1 which is likely related to the fix.
Apple promptly resolved the issue server side so HomeKit users needed to take no action to ensure security. The server side fix temporarily disabled remote access for shared users in HomeKit, however, and users can update to the latest version of iOS to restore that functionality.
Here are the official release notes:
And here is what the security document describes:
Both tvOS 11.2.1 and iOS 11.2.1 should be rolling out to all users now. Devices on beta versions may need to remove beta profiles then reboot to see the updates.
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A remote attacker may be able to unexpectedly alter application state
Description: A message handling issue was addressed with improved input validation.
CVE-2017-13903: Tian Zhang
