Apple has officially released iOS 15.2.1 and iPadOS 15.2.1, bringing bug fixes for CarPlay and Messages. In addition to those bug fixes, the update also includes a notable security update to patch a HomeKit vulnerability that could cause your iPhone or iPad to repeatedly crash.

This bug was first reported by security researcher Trevor Spiniolas, who detailed in a blog post that changing the name of a HomeKit device to something around 500,000 characters long is what causes the issues. As we explained in our coverage last month, the outcome varies depending on whether or not you have Home devices enabled in Control Center.

In an update posted to the Apple Support website today, Apple says that it has patched this vulnerability with the releases of iOS 15.2.1 and iPadOS 15.2.1.

This HomeKit bug is significant for all of the reasons Spiniolas has outlined in his blog post. Perhaps even more worrisome, however, is that Apple has known about the issue since August, and not yet rolled out a complete fix. Apple’s bug reporting system has faced criticism over the years, and it’s clear that not all of the quirks have been resolved. 

Apple says that this bug meant that processing a maliciously crafted HomeKit accessory name may cause a denial of service. Apple fixed the problem by addressing a “resource exhaustion issue” with improved input validation.

According to Apple, this is the lone security fix in iOS 15.2.1 and iPadOS 15.2.1. There are, however, a pair of notable bug fixes included in the updates:

  • Messages may not load photos sent using an iCloud Link
  • Third-party CarPlay apps may not respond to input

You can update your iPhone to iOS 15.2.1 by heading to the Settings app, choosing General, then choosing Software Update. The build number for today’s update is 19C63 and it measures in at over 900MB in size.
