Apple has just rolled out a major new update for its iPhones and iPads. This fixes a critical flaw affecting iPhone and iPad running iOS 14.7 to iOS 15.2 from HomeKit.
HomeKit, Apple’s smart home platform that allows Apple users to set up, communicate and control their smart home devices, housed a major security hole that could disable your iPhones and iPads. This bug, named “doorLock” was spotted earlier this month by security researcher Trevor Spiniolas.
A malicious hacker was able to change the name of a HomeKit device to a string of more than 500,000 characters. This had the consequence of bugging the iPhone and iPad. Indeed, when devices loaded this long string of characters, the device software found itself in a denial of service (DoS) state, requiring a forced reset to unlock it. The problem is, once the device reboots and the user reconnects to the iCloud account linked to HomeKit, the bug was triggered again, thus rendering the affected accounts unusable.
To read also – iPhone: a Messages bug prevents deactivating acknowledgments of receipt
Apple corrects the situation and deploys an update
Apple has rolled out a new update to its iPhone and iPad that fixes the bug. Users can now download the new versions iOS 15.2.1 and iPadOS 15.2.1 in their device settings. The details of the fix state that a “resource exhaustion issue was resolved with improved input validation.” Apple therefore probably Prevented long names of HomeKit devices from being read by the device memory running on iOS.
Apple took a long time to correct the flaw. Indeed, security researcher Trevor Spiniolas posted full details of the Homekit flaw on his blog on January 1. However, it was not the first time that Spiniolas had alerted Apple, since he would have already contacted the company in August 2021 to warn them of the existence of the problem.
The update also fixes another bug that prevented devices from properly loading messages sent through an iCloud link, as well as a bug that made third-party CarPlay apps unusable.
Source: Apple