Apple rolled out iOS and iPadOS 15.2.1 on Wednesday. The minor update brings several bug fixes, including a patch for a denial-of-service vulnerability found in HomeKit.
Trevor Spiniolas discovered the vulnerability and published details about it on January 1st. At the time, Spiniolas accused Apple of being slow to respond to his initial disclosure, which he made in August 2021. The bug affects iOS and iPadOS versions as far back as 14.7 and possibly earlier versions too — iPhone and iPad owners should update their devices to avoid the bug.
If exploited, the vulnerability would cause iPhones and iPads to crash when they encounter a HomeKit device with a really long name. HomeKit is an API used for connecting smart home gadgets to iOS devices, and it backs up device names to iCloud. That means users hit with the problem would experience it again if they re-connected that same iCloud account.
Apple published a security notice for the iOS 15.2.1 update — it only lists the HomeKit issue and notes the following fix: “A resource exhaustion issue was addressed with improved input validation.”
However, there are other items in the 15.2.1 update. According to The Verge, the patch also fixes a bug that impacted the performance of third-party CarPlay apps and a bug that stopped the Messages app from loading certain photos sent through iCloud.
To download the update, open the Settings app on your iPhone or iPad, tap ‘General,’ then tap ‘Software Update.’