84 matches found
CVE-2021-27953
A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request...
CVE-2021-27954
A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial of service...
CVE-2021-27954
CVE-2021-27954 affects ecobee3 lite devices (version 4.5.81.200) with a heap-based buffer overflow in HKProcessConfig of the HomeKit Wireless Access Control setup. The underlying cause is improper data boundary validation in HKProcessConfig, enabling an attacker to force the device to connect to ...
Ecobee Ecobee3 Lite 缓冲区错误漏洞
Ecobee Ecobee3 Lite is a Wi-Fi smart thermostat from Ecobee Canada.A buffer error vulnerability exists in Ecobee Ecobee3 Lite, which stems from HKProcessConfig in the product's HomeKit wireless access control settings failing to properly validate data boundaries, which could be used by an attacke...
PT-2021-17693 · Ecobee · Ecobee3 Lite
Name of the Vulnerable Software and Affected Versions: ecobee3 lite version 4.5.81.200 Description: A heap-based buffer overflow vulnerability exists in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. An attacker can exploit this vulnerability to force the devic...
CVE-2017-13903
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Wat...
CVE-2017-13903
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Wat...
Code injection
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Wat...
CVE-2017-13903
The CVE-2017-13903 issue affects Apple iOS 11.2.1 and tvOS 11.2.1, with HomeKit’s message handling allowing a remote attacker to alter application state. Root cause: improper message handling within HomeKit enabling state changes when processing messages (Apple notes a fix via improved input vali...
CVE-2017-13903
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Wat...
Security Vulnerability in Apple's HomeKit
The story of the recent vulnerability in Apple's HomeKit...
Apple iOS and tvOS HomeKit Security Bypass Vulnerability
Apple iOS and tvOS are both products of the American company Apple. The former is an operating system for mobile devices; the latter is an operating system for smart TVs, of which HomeKit is a smart home platform component. A security bypass vulnerability exists in the HomeKit component in Apple...
About the security content of tvOS 11.2.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
About the security content of iOS 11.2.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
About the security content of iOS 11.2.1
About the security content of iOS 11.2.1 This document describes the security content of iOS 11.2.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of tvOS 11.2.1
About the security content of tvOS 11.2.1 This document describes the security content of tvOS 11.2.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Apple Fixes Flaw Impacting HomeKit Devices
Apple said it has fixed an undisclosed vulnerability in its HomeKit framework that could have allowed unauthorized remote control of HomeKit devices such as smart locks and connected garage door openers. The flaw was first reported by the publication 9to5Mac on Thursday. According to the...
The vulnerability of the iOS operating system, which allows a hacker to compromise the security of information.
The vulnerability of the HomeKit operating system’s iOS component exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to compromise information security by manipulating the Home Control element within the Control Center...
CVE-2017-2434
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center...
CVE-2017-2434
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center...