Apple confirms iOS 15.2.1 patches HomeKit denial of service vulnerability

Apple has officially released iOS 15.2.1 and iPadOS 15.2.1, bringing bug fixes for CarPlay and Messages. In addition to those bug fixes, the update also includes a notable security update to patch a HomeKit vulnerability that could cause your iPhone or iPad to repeatedly crash.

This bug was first reported by security researcher Trevor Spiniolas, who detailed in a blog post that changing the name of a HomeKit device to something around 500,000 characters long is what causes the issues. As we explained in our coverage last month, the outcome varies depending on whether or not you have Home devices enabled in Control Center.

This HomeKit bug is significant for all of the reasons Spiniolas has outlined in his blog post. Perhaps even more worrisome, however, is that Apple has known about the issue since August, and not yet rolled out a complete fix. Apple’s bug reporting system has faced criticism over the years, and it’s clear that not all of the quirks have been resolved. 

In an update posted to the Apple Support website today, Apple says that it has patched this vulnerability with the releases of iOS 15.2.1 and iPadOS 15.2.1.

Apple says that, because of this bug, processing a maliciously crafted HomeKit accessory name may cause a denial of service. Apple fixed the problem by addressing a “resource exhaustion issue” with improved input validation.

According to Apple, this is the lone security fix in iOS 15.2.1 and iPadOS 15.2.1. There are, however, a pair of notable bug fixes included in the updates:

  • Messages may not load photos sent using an iCloud Link
  • Third-party CarPlay apps may not respond to input

You can update your iPhone to iOS 15.2.1 by heading to the Settings app, choosing General, then choosing Software Update. The build number for today’s update is 19C63 and it measures in at over 900MB in size.

Author: Chance Miller
Source: 9TO5Google
