Apple patches HomeKit denial-of-service bug with new iOS update
On Wednesday, Apple released the 15.2.1 version of iOS, a minor update to the mobile operating system that fixes bugs, including a denial-of-service vulnerability previously reported by The Verge.
The 15.2.1 patch addresses a vulnerability triggered through HomeKit, the software API for connecting smart home devices to iOS applications. If the vulnerability was exploited, HomeKit devices labeled with a very long name would cause iPhones and iPads to endlessly freeze, crash, and reboot.
Since HomeKit device names are backed up to iCloud, signing in to the same iCloud account with a restored device would trigger the crash again.
Apple’s security notification for the 15.2.1 update lists only one change, a fix for the HomeKit vulnerability. Details of the fix state that a “resource exhaustion issue was addressed with improved input validation,” presumably to prevent long HomeKit device names from being read into memory by iOS devices.
Besides security updates, the patch also fixed a bug that impacted performance of third-party CarPlay apps and another that prevented the Messages app from loading certain photos sent via iCloud. Users can update iOS by opening the Settings app on a device and tapping “General,” then selecting “Software Update.”
The HomeKit bug was discovered by security researcher Trevor Spiniolas, who published details on his blog on January 1st. At the time, Spiniolas accused Apple of being slow to respond to his initial disclosure, which was made in August 2021.
According to Spiniolas’ blog, the bug affects iOS versions at least as far back as 14.7 and likely before, meaning these devices are still vulnerable. Owners of iPhones or iPads should update their devices as soon as possible to benefit from the new update.
On Wednesday, Apple released the 15.2.1 version of iOS, a minor update to the mobile operating system that fixes bugs, including a denial-of-service vulnerability previously reported by The Verge. The 15.2.1 patch addresses a vulnerability triggered through HomeKit, the software API for connecting smart home devices to iOS applications. If…
Recent Posts
- OpenAI has big news to share on May 13 – but it’s not announcing a search engine
- How to watch Google I/O 2024 live
- Tech startup connects to two satellites in orbit from Earth via Bluetooth — using off the shelf chip and a software update
- Doctor Who: The Devil’s Chord review: Is this madness?
- Doctor Who Space Babies review: Bet you didn’t expect that
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011