iOS 15.2.1 and iPadOS 15.2.1 Address HomeKit Vulnerability

Apple today released iOS 15.2.1 and iPadOS 15.2.1, minor updates that include an important security fix for a known HomeKit vulnerability that was first discovered last year.

homekit showdown 2 thumb
According to Apple's security support document for the update, it addresses an issue that could cause a maliciously crafted ‌HomeKit‌ name to result in a denial of service, causing iPhones and iPads not to work.

Apple says that it was caused by a resource exhaustion issue that has now been addressed with improved input validation.


The ‌HomeKit‌ bug was first highlighted in January by Bleeping Computer after being discovered by Trevor Spiniolas. Called "doorLock," the vulnerability is executed by changing the name of a ‌HomeKit‌ device to something with over 500,000 characters.

Attempting to load such a large string of characters causes the iOS device to be sent into a denial of service state, and a forced reset is the only way to recover. Resetting the device results in a loss of data unless there is an available backup, and signing back into an affected iCloud account linked to the broken ‌HomeKit‌ device name can re-trigger the bug.

Apple partially fixed the bug in iOS 15.1 by limiting the length of the name that can be set for a ‌HomeKit‌ device or app, but it didn't entirely fix the issue because malicious people exploiting the vulnerability could use Home invitations rather than a device to trigger the attack.

Because this bug could result in data loss at worst and a device reset at best, it's worth updating to the iOS and iPadOS 15.2.1 updates right away.

Related Forum: iOS 15

Top Rated Comments

hackedmac Avatar
31 months ago
Does this fix the Snapshots not updating on the cameras?
Score: 8 Votes (Like | Disagree)
PBG4 Dude Avatar
31 months ago

Who really would have created a HomeKit device with a name over 500,000 characters? While it's possible, it's INCREDIBLY unlikely.
The problem isn’t that someone could name an object with >500K characters. The problem is Apple code is willing to accept inputs of this length, even when the field has not had the memory allocated to handle a 500K length string.
Score: 7 Votes (Like | Disagree)
Sydnxt Avatar
31 months ago
Wow, no release notes on the software update screen!
Score: 6 Votes (Like | Disagree)
d4cloo Avatar
31 months ago

I'm a heavy critic on how Apple developed HomeKit. I see I'm getting validated today.
I'm mostly annoyed by the user experience. I have a lot of smart equipment, and it's extremely cumbersome and frankly impossible to design a custom screen in Control Center that is laid out exactly according to my preferences.
Score: 6 Votes (Like | Disagree)
Macintosh TV Avatar
31 months ago
Who really would have created a HomeKit device with a name over 500,000 characters? While it's possible, it's INCREDIBLY unlikely.
Score: 5 Votes (Like | Disagree)
doboy Avatar
31 months ago
Seriously, people accept home invitations from randos? Haha.
Score: 4 Votes (Like | Disagree)

Popular Stories

iphone se 4 modified flag edges

When to Expect the Next iPhone SE to Launch

Friday May 17, 2024 2:03 pm PDT by
It has been over two years since Apple released the third-generation iPhone SE, and rumors continue to surface about a new model. The latest word comes from The Information, which today reported that Apple plans to release a new iPhone SE with a design similar to the standard iPhone 14 in the spring of 2025. If this rumor is accurate, the iPhone SE would finally gain Face ID and a notch...
iOS 17

iOS 17.5 Bug May Also Resurface Deleted Photos on Wiped, Sold Devices [Updated]

Friday May 17, 2024 12:24 pm PDT by
A bug in iOS 17.5 is apparently causing photos that have been deleted to reappear, and the issue seems to impact even iPhones and iPads that have been erased and sold off to other people. A Reddit user wiped an iPad following Apple's guidelines in September of 2023 before selling it off to a friend. That friend updated the iPad to iPadOS 17.5 this week, and began seeing the Reddit user's old ...
iphone se 4 modified flag edges

iPhone SE 4 With Face ID Said to Be Priced Below $500

Monday May 20, 2024 3:43 am PDT by
Apple is targeting a sub-$500 starting price for its upcoming fourth-generation iPhone SE model despite a raft of rumored upgrades coming to the more affordable device. According to leaker Revegnus on X, the U.S. launch price of the fourth-generation iPhone SE will either remain at the same $429 starting price as the current model, or will see an increase of around 10%. Either way, Apple's...
iOS 17

Apple Releases iOS 17.5.1 With Fix for Reappearing Photos Bug

Monday May 20, 2024 10:11 am PDT by
Apple today released iOS 17.5.1 and iPadOS 17.5.1, minor updates to the iOS 17 and iPadOS 17 operating system updates that came out last September. The 17.5.1 updates come a week after the launch of iOS 17.5 and iPadOS 17.5. iOS 17.5.1 and iPadOS 17.5.1 can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. According to Apple's...
iPhone 16 Camera Lozenge 2 Perspective

iPhone 16 Lineup Rumored to Come in These Two New Colors

Sunday May 19, 2024 11:08 am PDT by
Apple analyst Ming-Chi Kuo today outlined his expectations for the iPhone 16 lineup's color options, revealing that two new colors should replace two of the existing shades. Kuo outlined his expectations in a post on X (formerly Twitter) earlier today. He believes that the iPhone 16 Pro and iPhone 16 Pro Max will be available in black, white or silver, gray or "Natural Titanium," and rose....
oled m4 ipad pro grainy display reports

OLED iPad Pro Users Report 'Grainy' Displays, But It May Not Be a Defect

Friday May 17, 2024 5:57 am PDT by
Some new M4 iPad Pro models are exhibiting a visible static grain pattern across the OLED display, according to several user reports on Reddit (1, 2, 3) and the MacRumors Forums. Image credit: MacRumors user bk215 Users who see the grain generally report that it is most noticeable in dark environments with the display set at a low to medium brightness while viewing content with gray or muted...