iOS 15.2.1 protects against HomeKit denial of service vulnerability

Apple confirms iOS 15.2.1 patches HomeKit denial of service vulnerability

Chance Miller

– Jan. 12th 2022 10:21 am PT


Apple has officially released iOS 15.2.1 and iPadOS 15.2.1, bringing bug fixes for CarPlay and Messages. In addition to those bug fixes, the update also includes a notable security update to patch a HomeKit vulnerability that could cause your iPhone or iPad to repeatedly crash.

This bug was first reported by security researcher Trevor Spiniolas, who detailed in a blog post that changing the name of a HomeKit device to something around 500,000 characters long is what causes the issues. As we explained in our coverage last month, the outcome varies depending on whether or not you have Home devices enabled in Control Center.

This HomeKit bug is significant for all of the reasons Spiniolas has outlined in his blog post. Perhaps even more worrisome, however, is that Apple has known about the issue since August, and has not yet rolled out a complete fix. Apple’s bug reporting system has faced criticism over the years, and it’s clear that not all of the quirks have been resolved.

In an update posted to the Apple Support website today, Apple says that it has patched this vulnerability with the releases of iOS 15.2.1 and iPadOS 15.2.1.

Apple says that this bug meant that processing a maliciously crafted HomeKit accessory name may cause a denial of service. Apple fixed the problem by addressing a “resource exhaustion issue” with improved input validation.

According to Apple, this is the lone security fix in iOS 15.2.1 and iPadOS 15.2.1. There are, however, a pair of notable bug fixes included in the updates:

  • Messages may not load photos sent using an iCloud Link
  • Third-party CarPlay apps may not respond to input

You can update your iPhone to iOS 15.2.1 by heading to the Settings app, choosing General, then choosing Software Update. The build number for today’s update is 19C63 and it measures in at over 900MB in size.
