iOS 15.2.1 and iPadOS 15.2.1 Address HomeKit Vulnerability
Apple today released iOS 15.2.1 and iPadOS 15.2.1, minor updates that include an important security fix for a known HomeKit vulnerability that was first discovered last year.
According to Apple's security support document for the update, it addresses an issue that could cause a maliciously crafted HomeKit name to result in a denial of service, causing iPhones and iPads not to work.
Apple says that it was caused by a resource exhaustion issue that has now been addressed with improved input validation.
The HomeKit bug was first highlighted in January by
Bleeping Computer after
being discovered by Trevor Spiniolas. Called "doorLock," the vulnerability is executed by changing the name of a HomeKit device to something with over 500,000 characters.
Attempting to load such a large string of characters causes the iOS device to be sent into a denial of service state, and a forced reset is the only way to recover. Resetting the device results in a loss of data unless there is an available backup, and signing back into an affected iCloud account linked to the broken HomeKit device name can re-trigger the bug.
Apple partially fixed the bug in iOS 15.1 by limiting the length of the name that can be set for a HomeKit device or app, but it didn't entirely fix the issue because malicious people exploiting the vulnerability could use Home invitations rather than a device to trigger the attack.
Because this bug could result in data loss at worst and a device reset at best, it's worth updating to the iOS and iPadOS 15.2.1 updates right away.
Related Stories
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.
Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the...
Apple today released new iOS and iPadOS 12.5.4 updates, with the new software aimed at older devices that are unable to run the iOS 14 update that's available on modern devices.
The iOS and iPadOS 12.5.4 updates can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General > Software...
Apple today released minor 15.2.1 updates for iPhone and iPad users, and the software comes one month after Apple launched iOS 15.2 and iPadOS 15.2 with a slew of improvements.
The iOS 15.2.1 and iPadOS 15.2.1 update can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General >...
Following the release of iOS 15.4 on March 14, Apple has stopped signing iOS 15.3.1, the previously available version of iOS that came out in February. As iOS 15.3.1 is no longer being signed, it is not possible to downgrade to that version of iOS if you've updated to iOS 15.4.
Apple routinely stops signing older versions of software updates after new releases come out in order to encourage...
Apple today released iOS and iPadOS 14.8.1, minor updates to the iOS and iPadOS 14 operating systems. iOS and iPadOS 14.8.1 come more than a month after the release of iOS and iPadOS 14.8, another security fix update.
The iOS and iPadOS 14.8.1 updates can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, ...
The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.
As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses...
Apple released iOS 15.3 and iPadOS 15.3 on Wednesday with several security fixes, and we have since learned that the software updates also resolve an issue with HomeKit camera thumbnails failing to refresh for some users in the Home app.
HomeKit Secure Video cameras added to the Home app each have a thumbnail that provides a still view of recent footage, and normally these thumbnails...
Apple today seeded the release candidate versions of upcoming iOS 15.4 and iPadOS 15.4 updates to developers for testing purposes, with the new software coming one week after Apple seeded the fifth betas of iOS 15.4 and iPadOS 15.4. The RCs represent the final versions of the updates that will be released to the public next week. Developers can download iOS 15.4 and iPadOS 15.4 through the...
Popular Stories
Due to production issues at Apple supplier factories in China, the iPhone 14 Pro and iPhone 14 Pro Max are backordered and basically out of stock at every store. If you were planning to gift or receive an iPhone 14 Pro model for the holidays and didn't already get one, you're basically out of luck because they're gone until late December.
Subscribe to the MacRumors YouTube channel for more ...
Thursday December 8, 2022 2:45 am PST by
Sami FathiApple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, photos, and more, meeting the longstanding demand of both users and privacy groups who have rallied for the company to take the significant step forward in user privacy.
iCloud end-to-end encryption, or what Apple calls "Advanced Data Protection,"...
Apple plans to publicly release iOS 16.2 for the iPhone in mid-December, according to Bloomberg's Mark Gurman. The update remains in beta testing for now, with at least eight new features and changes already uncovered so far.
iOS 16.2 introduces a number of new features, including Apple's new whiteboard app Freeform, two new Lock Screen widgets for Sleep and Medications, the ability to hide...
With the iOS 16.2 release candidate that came out today, Apple added the new Apple Music Sing feature that was announced earlier this week. We thought we'd check out the new karaoke feature to see how it works.
Subscribe to the MacRumors YouTube channel for more videos. Apple Music Sing is available on modern iPhones and iPads, as well as the newest Apple TV 4K. It's built in to the Apple...
Apple is aiming to launch an Apple-branded consumer-oriented vehicle by 2026, and its goal is to hit a price point under $100,000 to make the car appeal to a wider range of customers, reports Bloomberg.
Apple initially planned to design a car that might look similar to Canoo's Lifestyle Vehicle, where passengers could face one another in a limousine-style car with no steering wheel or...
iOS 16.2 is expected to be released next week following nearly two months of beta testing. With last-minute additions like Apple Music Sing and Advanced Data Protection, the software update now has over a dozen new features for the iPhone.
Below, we've recapped many of the new features coming with iOS 16.2, including Apple's new whiteboard app Freeform, two new Lock Screen widgets, the...
Tuesday December 6, 2022 7:09 am PST by
Sami FathiApple today announced Apple Music Sing, a new feature in Apple Music that lets users sing their favorite songs with adjustable vocals and more.
Apple Music Sing will utilize Apple Music's real-time lyrics to allow users to sing to their favorite songs using adjustable vocals, background vocals, and duet view to allow more than one singer.Apple Music Sing includes:
Adjustable vocals: Users...
Twitter plans to charge $11 per month for a Twitter Blue subscription on the iPhone in order to account for the 30 percent cut that Apple takes from in-app purchases, reports The Information. On the web, Twitter Blue will be priced at $7 per month.
Prior to when Twitter Blue was paused, Twitter was charging $7.99 for a subscription, but the pricing will change before it relaunches. According ...
Apple today announced it is expanding end-to-end encryption to many additional iCloud data categories on an opt-in basis for enhanced security.
iCloud already protects 14 data categories using end-to-end encryption by default, including the Messages app when backups are disabled, passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more,...
Top Rated Comments