Apple confirms iOS 15.2.1 patches HomeKit denial of service vulnerability

Apple has officially released iOS 15.2.1 and iPadOS 15.2.1, bringing bug fixes for CarPlay and Messages. In addition to those bug fixes, the update also includes a notable security update to patch a HomeKit vulnerability that could cause your iPhone or iPad to repeatedly crash.

This bug was first reported by security researcher Trevor Spiniolas, who detailed in a blog post that changing the name of a HomeKit device to something around 500,000 characters long is what triggers the issue. As we explained in our coverage last month, the outcome varies depending on whether or not you have Home devices enabled in Control Center.

This HomeKit bug is significant for all of the reasons Spiniolas has outlined in his blog post. Perhaps even more worrisome, however, is that Apple has known about the issue since August and has not yet rolled out a complete fix. Apple’s bug reporting system has faced criticism over the years, and it’s clear that not all of the quirks have been resolved.

In an update posted to the Apple Support website today, Apple says that it has patched this vulnerability with the releases of iOS 15.2.1 and iPadOS 15.2.1.

Apple says that this bug meant that processing a maliciously crafted HomeKit accessory name may cause a denial of service. Apple fixed the problem by addressing a “resource exhaustion issue” with improved input validation.
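As an added illustration (not Apple's code, and not from the original article), here is one way "improved input validation" can bound the cost of handling an accessory name from an untrusted source. The limits, the placeholder text, and the names `validate_accessory_name` and `load_accessories` are assumptions made for this sketch, and the sample records are constructed.

```python
import unicodedata

MAX_NAME_BYTES = 256   # assumed cap on the encoded name, not Apple's value
MAX_NAME_CHARS = 64    # assumed cap on the displayed name, not Apple's value
PLACEHOLDER = "Unnamed accessory"  # hypothetical fallback label

class InvalidName(ValueError):
    """Raised when an accessory name fails validation."""

def validate_accessory_name(raw: bytes) -> str:
    """Return a cleaned name, or raise InvalidName."""
    # Check the size first: an oversized name is rejected in O(1), before any
    # decoding, normalisation or UI layout work is spent on it.
    if len(raw) > MAX_NAME_BYTES:
        raise InvalidName(f"name is {len(raw)} bytes, limit {MAX_NAME_BYTES}")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise InvalidName("name is not valid UTF-8") from exc
    text = unicodedata.normalize("NFC", text).strip()
    if not text:
        raise InvalidName("name is empty")
    if len(text) > MAX_NAME_CHARS:
        raise InvalidName(f"name is {len(text)} chars, limit {MAX_NAME_CHARS}")
    if any(unicodedata.category(ch) == "Cc" for ch in text):
        raise InvalidName("name contains control characters")
    return text

def load_accessories(records):
    """Validate (accessory_id, raw_name) pairs; return (names, rejected)."""
    names, rejected = {}, []
    for accessory_id, raw in records:
        try:
            names[accessory_id] = validate_accessory_name(raw)
        except InvalidName as exc:
            # One bad name must not abort the whole load: substitute a
            # placeholder and record why, so the rest stays usable.
            names[accessory_id] = PLACEHOLDER
            rejected.append((accessory_id, str(exc)))
    return names, rejected

# Constructed sample records; acc-2 mimics the roughly 500,000-character name.
SAMPLE = [
    ("acc-1", "Living Room Lamp".encode()),
    ("acc-2", ("A" * 500_000).encode()),
    ("acc-3", b"\xff\xfeLamp"),
    ("acc-4", "Desk\u0000Fan".encode()),
]
if __name__ == "__main__":
    print(load_accessories(SAMPLE))
```
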

According to Apple, this is the lone security fix in iOS 15.2.1 and iPadOS 15.2.1. There are, however, a pair of notable bug fixes included in the updates:

  • Messages may not load photos sent using an iCloud Link
  • Third-party CarPlay apps may not respond to input

You can update your iPhone to iOS 15.2.1 by heading to the Settings app, choosing General, then choosing Software Update. The build number for today’s update is 19C63 and it measures in at over 900MB in size.


Author

Chance Miller