https://www.theverge.com/2017/12/8/16750792/apple-homekit-bug-ios-11-shared-users

Apple’s had a bad couple weeks of software issues, and its latest problem is a HomeKit vulnerability that apparently let hackers take control of a person’s smart home gadgets. 9to5Mac broke news of the exploit and seems to have nudged Apple into patching the bug immediately — Apple was reportedly told of the issue in late October.

The vulnerability required a hacker to have access to an iPhone or iPad on iOS 11.2 (the latest version of iOS) that was logged into their target’s iCloud account, according to the report. It’s unclear exactly what happened from there, but it sounds like the attacker was able to set up a shared HomeKit user without logging into the device. That would then give the person total control over any HomeKit gadgets their target’s iCloud account was hooked up to.