Apple · Watch · CVE-2017-13903
**Name of the Vulnerable Software and Affected Versions**
Apple iOS versions prior to 11.2.1
Apple tvOS versions prior to 11.2.1
**Description**
The issue involves the `HomeKit` component and incorrect message handling, allowing remote attackers to modify the application state. This can be demonstrated by using an Apple Watch to obtain an encryption key and unlock a door.
**Recommendations**
For iOS versions prior to 11.2.1, update to version 11.2.1 or later to resolve the issue.
For tvOS versions prior to 11.2.1, update to version 11.2.1 or later to resolve the issue.