“The expression ‘safe as houses’ will become a thing of the past if tech firms don’t get connected home security right, and the need to be incredibly watchful was visible in Apple’s latest security blunder this week,” Jonny Evans writes for Computerworld

“The latest iOS 11.2 update held a zero-day vulnerability attackers could exploit to control smart home devices, including connected locks, 9to5Mac explains,” Evans writes. “While the vulnerability was difficult to exploit, and Apple has acted very swiftly to close this security gap, its existence exposes the risk of smart homes. Smart locks must really be locks, and not subject to being undone by opportunistic hackers.”

“While others rushed to market with smart home systems, Apple realised the need to ensure security protection in its smart home technologies early on. Its response was to develop HomeKit as a platform for smart home devices on iOS, but to ensure those solutions compatible with HomeKit meet certain criteria, including use of approved technologies,” Evans writes. “The strength of that approach is – oddly enough – proven by Apple’s response to this latest vulnerability. You see, Apple was able to address a platform-wide problem by making a temporary fix to its own HomeKit servers.”

Read more in the full article here.

MacDailyNews Take: Nobody’s perfect, but Apple is lately a lot more imperfect than we expect them to be.

We pay for “it just works,” Apple. When you stop providing that, the gravy train will stop, too. Get your act together, Apple! — MacDailyNews, December 2, 2017

SEE ALSO:
Zero-day iOS HomeKit flaw allowed remote access to IoT devices including door locks, garage door openers; fix rolling out – December 8, 2017
Updating to latest macOS 10.13.1 disables Apple’s ‘root’ bug patch; you’ll need to reinstall Apple’s root security fix – December 2, 2017
Apple on Mac flaw: ‘We apologize to all Mac users. Our customers deserve better. We are auditing our development processes.’ – November 29, 2017
Apple releases fix for macOS High Sierra administrator authentication bypass flaw – November 29, 2017
Tim Cook’s sloppy, unfocused Apple rushes to fix a major Mac security bug – November 29, 2017
What to do about Apple’s shameful Mac security flaw in macOS High Sierra – November 29, 2017
Apple’s late, delayed, limited HomePod is looking more and more like something I don’t want – November 27, 2017
Why Apple’s HomePod is three years behind Amazon’s Echo – November 21, 2017
Under ‘operations genius’ Tim Cook, product delays and other problems are no longer unusual for Apple – November 20, 2017
Apple delays HomePod release to early 2018 – November 17, 2017
Apple CEO Tim Cook: The ‘operations genius’ who never has enough products to sell at launch – October 23, 2017
Apple reveals HomePod smart home music speaker – June 5, 2017
Apple’s desperate Mac Pro damage control message hints at a confused, divided company – April 6, 2017
Apple is misplaying the hand Steve Jobs left them – November 30, 2016
Apple delays AirPod rollout – October 26, 2016
Apple delays release of watchOS 2 due to bug – September 16, 2015
Apple delays HomeKit launch until autumn – May 14, 2015
Apple delays production of 12.9-inch ‘iPad Pro’ in face of overwhelming iPhone 6/Plus demand – October 9, 2014
Tim Cook’s mea culpa: iMac launch should have been postponed – April 24, 2013