iOS 15.2.1 and iPadOS 15.2.1 address HomeKit vulnerability

Apple today released iOS 15.2.1 and iPadOS 15.2.1. These small updates include important security fixes for known HomeKit vulnerabilities first discovered last year.

According to Apple's updated security support document, it addresses an issue that could allow a maliciously crafted ‌HomeKit‌ name to cause a denial of service, preventing iPhones and iPads from working.

Apple says this was caused by a resource exhaustion issue, which has now been resolved through improved input validation.

The vulnerability, dubbed "doorLock," operates by changing the name of a ‌HomeKit‌ device to one that is longer than 500,000 characters.

Attempting to load such a large string will cause the iOS device to enter a denial of service state, and a force reset is the only way to recover. Unless a backup is available, resetting the device will result in data loss, and logging back into the affected iCloud account associated with the corrupted "HomeKit" device name may re-trigger the error.

Apple partially fixed the bug in iOS 15.1 by limiting the length of names that can be set for ‌HomeKit‌ devices or apps, but it doesn't completely resolve the issue, as a malicious actor who exploited the flaw could use Home invitations instead The device triggers the attack.

Since this error can result in data loss and device reset at best, it's worth updating to the iOS and iPadOS 15.2.1 update immediately.

The above is the detailed content of iOS 15.2.1 and iPadOS 15.2.1 address HomeKit vulnerability. For more information, please follow other related articles on the PHP Chinese website!