Apple plugs IoT HomeKit hole [source: nakedsecurity]

Apple just can’t seem to get away from the theme of security flaws right now.

Last month it was the macOS 10.13 root password issue, hot on the heels of the news that the iPhone’s X’s much-vaunted Face ID authentication could be bypassed using a prosthetic mask.

And it only seems fair to mention the small matter of the ‘show your password hint in encrypted APFS volumes’ issue macOS High Sierra users were told about in October.

Even Google’s Project Zero has got in on the act, publishing news of a jailbreaking proof-of-concept for iOS and macOS that seemed designed to draw attention to unexpected weaknesses in once-impregnable Apple software.

Now a researcher has discovered that Apple’s HomeKit Internet of Things (IoT) framework has a vulnerability serious enough to allow an attacker to control IoT devices using its protocol, such as thermostats, lights, power points, air conditioners, as well as smart home locks and garage door openers.

For more, click here.