Apple fixes HomeKit denial-of-service bug with new iOS update

Cupertino, January 16, 2022

On Wednesday, Apple released iOS 15.2.1, a minor update to the mobile operating system that fixes bugs, including a denial-of-service vulnerability previously reported by The Verge. The 15.2.1 patch fixes a vulnerability caused by HomeKit, the software API for connecting smart home devices to iOS applications. If the vulnerability was exploited, very long-named HomeKit devices would cause iPhones and iPads to freeze, crash, and reboot endlessly. Since HomeKit device names are backed up to iCloud, logging into the same iCloud account with a restored device would trigger the crash again. Apple's security notice for the 15.2.1 update only mentions one change, a fix for the HomeKit vulnerability. Details of the fix state that a "resource exhaustion issue has been addressed with improved input validation", presumably to prevent long HomeKit device names from being read into memory by iOS devices. In addition to security updates, the patch also fixed a bug affecting the performance of third-party CarPlay apps and another that prevented the Messages app from loading certain photos sent through iCloud. Users can update iOS by opening the Settings app on a device, tapping "General" and then selecting "Software Update." The HomeKit bug was discovered by security researcher Trevor Spiniolas, who published details on his blog on January 1. At the time, Spiniolas accused Apple of being slow to respond to its first disclosure, which was made in August 2021. According to Spiniolas' blog, the bug affects iOS versions at least as far back as 14.7 and likely earlier, meaning these devices are still vulnerable. Owners of iPhones or iPads should update their devices as soon as possible to take advantage of the new update.

Best selling & Top trending HomeKit product in our shop at this moment

HomeKit.Blog is in no way affiliated with or endorsed by Apple Inc. or Apple related subsidiaries.

All images, videos and logos are the copyright of the respective rights holders, and this website does not claim ownership or copyright of the aforementioned.

All information about products mentioned on this site has been collected in good faith. However, the information relating to them, may not be 100% accurate, as we only rely on the information we are able to gather from the companies themselves or the resellers who stock these products, and therefore cannot be held responsible for any inaccuracies arising from the aforementioned sources, or any subsequent changes that are made that we have not been made aware of.

HomeKit.Blog Is A Participant In The Amazon Services LLC Associates Program, An Affiliate Advertising Program Designed To Provide A Means For Sites To Earn Advertising Fees By Advertising And Linking To Amazon Store (Amazon.com, Or Endless.com, MYHABIT.com, SmallParts.com, Or AmazonWireless.com).

The opinions expressed on this website by our contributors do not necessarily represent the views of the website owners. 

Copyright © 2022 . All rights reserved
United States