Apple says iOS 15.2.1 fixes its HomeKit denial of service vulnerability

What you need to know

Apple has released iOS 15.2.1 to the public.
iOS 15.2.1 fixes a bug that caused iPhones and iPads to restart when a HomeKit accessory had a name more than 500,000 characters long.
All users should install iOS 15.2.1 as soon as possible.

The bug has been fixed and shouldn’t impact anyone after iOS 15.2.1 is installed.

Apple says that its new iOS 15.2.1 update patches a HomeKit denial of service vulnerability that could make an iPhone or iPad crash repeatedly. The release is available for download now and should be installed as soon as possible.

The vulnerability was reported by security researcher Trevor Spiniolas and was triggered when a HomeKit device’s name was changed to something more than 500,000 characters long. Such a name amounted to a denial of service attack, causing iPhones and iPads to crash repeatedly.

When the name of a HomeKit device is changed to a large string (500,000 characters in testing), any device with an affected iOS version installed that loads the string will be disrupted, even after rebooting. Restoring a device and signing back into the iCloud account linked to the HomeKit device will again trigger the bug.

Apple now says that the iOS 15.2.1 update fixes the issue and will prevent it from happening again. The same update also reportedly ensures that CarPlay apps work properly when tapped. Another issue that prevented images from loading when sent via iCloud Link has also been dealt with in this release.

Those who have yet to update their devices can do so by opening Settings, tapping General, and then Software Update.
