iOS 15.2.1 and iPadOS 15.2.1 Address HomeKit Vulnerability

Apple today released iOS 15.2.1 and iPadOS 15.2.1, minor updates that include an important security fix for a known HomeKit vulnerability that was first discovered last year.

According to Apple's security support document for the update, it addresses an issue that could cause a maliciously crafted HomeKit name to result in a denial of service, causing iPhones and iPads not to work.

Apple says that it was caused by a resource exhaustion issue that has now been addressed with improved input validation.


The HomeKit bug was first highlighted in January by Bleeping Computer after being discovered by Trevor Spiniolas. Called "doorLock," the vulnerability is triggered by changing the name of a HomeKit device to something with over 500,000 characters.

Attempting to load such a large string of characters puts the iOS device into a denial of service state, and a forced reset is the only way to recover. Resetting the device results in a loss of data unless there is an available backup, and signing back into an affected iCloud account linked to the broken HomeKit device name can re-trigger the bug.

Apple partially fixed the bug in iOS 15.1 by limiting the length of the name that can be set for a HomeKit device or app, but that did not fully fix the issue, because attackers exploiting the vulnerability could use Home invitations rather than a device to trigger it.
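The gap described above, as an added sketch (not Apple's code and not part of the original article): a length limit enforced only where a name is set leaves other ingress paths open, so one validator is called on the rename path, the invitation path, and on records that were already synced. The `Home` class, the `MAX_NAME_CHARS` value, and the record shapes are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_NAME_CHARS = 64  # hypothetical limit; the article does not state Apple's value
PLACEHOLDER = "Unnamed accessory"


class NameRejected(ValueError):
    """Raised when an untrusted name fails validation."""


def validate_name(raw):
    """Single choke point: every path that accepts a name calls this."""
    if not isinstance(raw, str):
        raise NameRejected("name must be a string")
    # Check the size first so no per-character work runs on oversized input.
    if len(raw) > MAX_NAME_CHARS:
        raise NameRejected(f"name exceeds {MAX_NAME_CHARS} characters")
    name = raw.strip()
    if not name or not name.isprintable():
        raise NameRejected("name is empty or contains control characters")
    return name


@dataclass
class Home:
    names: dict = field(default_factory=dict)

    def rename_device(self, device_id, raw):
        # Local path: the user or an app sets a name.
        self.names[device_id] = validate_name(raw)

    def accept_invitation(self, invitation):
        # Remote path: an invitation is untrusted input as well.
        self.names[invitation["home_id"]] = validate_name(invitation["home_name"])

    def load_synced(self, records):
        # Records stored before the check existed are sanitized on load,
        # so signing back in cannot bring an oversized name back.
        quarantined = []
        for rec_id, raw in records.items():
            try:
                self.names[rec_id] = validate_name(raw)
            except NameRejected:
                self.names[rec_id] = PLACEHOLDER
                quarantined.append(rec_id)
        return quarantined
```
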

Because this bug could result in data loss at worst and a device reset at best, it's worth updating to the iOS and iPadOS 15.2.1 updates right away.


Top Rated Comments

hackedmac
4 days ago at 10:36 am
Does this fix the Snapshots not updating on the cameras?
Score: 8 Votes
PBG4 Dude
4 days ago at 10:56 am

Who really would have created a HomeKit device with a name over 500,000 characters? While it's possible, it's INCREDIBLY unlikely.
The problem isn’t that someone could name an object with >500K characters. The problem is Apple code is willing to accept inputs of this length, even when the field has not had the memory allocated to handle a 500K length string.
Score: 7 Votes
Sydnxt
4 days ago at 10:35 am
Wow, no release notes on the software update screen!
Score: 6 Votes
d4cloo
4 days ago at 11:08 am

I'm a heavy critic on how Apple developed HomeKit. I see I'm getting validated today.
I'm mostly annoyed by the user experience. I have a lot of smart equipment, and it's extremely cumbersome and frankly impossible to design a custom screen in Control Center that is laid out exactly according to my preferences.
Score: 6 Votes
Macintosh TV
4 days ago at 10:43 am
Who really would have created a HomeKit device with a name over 500,000 characters? While it's possible, it's INCREDIBLY unlikely.
Score: 5 Votes
doboy
4 days ago at 10:59 am
Seriously, people accept home invitations from randos? Haha.
Score: 4 Votes
