The developer who discovered a huge vulnerability in HomeKit, which allowed anyone unauthorized control of someone else’s devices, has explained how it worked. He has also expressed frustration at Apple’s failure to properly fix the bug until 9to5Mac intervened.
Khaos Tian handled his discovery responsibly, by reporting it to Apple on the day he discovered it, October 28. But he says the issue remained live throughout November, and the next iOS release actually made things worse …
more…