iOS 15.2.1 and iPadOS 15.2.1 Address HomeKit Vulnerability

by

Apple today released iOS 15.2.1 and iPadOS 15.2.1, minor updates that include an important security fix for a known HomeKit vulnerability that was first discovered last year.

homekit showdown 2 thumb
According to Apple's security support document for the update, it addresses an issue that could cause a maliciously crafted ‌HomeKit‌ name to result in a denial of service, causing iPhones and iPads not to work.

Apple says that it was caused by a resource exhaustion issue that has now been addressed with improved input validation.


The ‌HomeKit‌ bug was first highlighted in January by Bleeping Computer after being discovered by Trevor Spiniolas. Called "doorLock," the vulnerability is executed by changing the name of a ‌HomeKit‌ device to something with over 500,000 characters.

Attempting to load such a large string of characters causes the iOS device to be sent into a denial of service state, and a forced reset is the only way to recover. Resetting the device results in a loss of data unless there is an available backup, and signing back into an affected iCloud account linked to the broken ‌HomeKit‌ device name can re-trigger the bug.

Apple partially fixed the bug in iOS 15.1 by limiting the length of the name that can be set for a ‌HomeKit‌ device or app, but it didn't entirely fix the issue because malicious people exploiting the vulnerability could use Home invitations rather than a device to trigger the attack.

Because this bug could result in data loss at worst and a device reset at best, it's worth updating to the iOS and iPadOS 15.2.1 updates right away.

Related Forum: iOS 15

Top Rated Comments

hackedmac Avatar
hackedmac
25 months ago
Does this fix the Snapshots not updating on the cameras?
Score: 8 Votes (Like | Disagree)
PBG4 Dude Avatar
PBG4 Dude
25 months ago

Who really would have created a HomeKit device with a name over 500,000 characters? While it's possible, it's INCREDIBLY unlikely.
The problem isn’t that someone could name an object with >500K characters. The problem is Apple code is willing to accept inputs of this length, even when the field has not had the memory allocated to handle a 500K length string.
Score: 7 Votes (Like | Disagree)
Sydnxt Avatar
Sydnxt
25 months ago
Wow, no release notes on the software update screen!
Score: 6 Votes (Like | Disagree)
d4cloo Avatar
d4cloo
25 months ago

I'm a heavy critic on how Apple developed HomeKit. I see I'm getting validated today.
I'm mostly annoyed by the user experience. I have a lot of smart equipment, and it's extremely cumbersome and frankly impossible to design a custom screen in Control Center that is laid out exactly according to my preferences.
Score: 6 Votes (Like | Disagree)
Macintosh TV Avatar
Macintosh TV
25 months ago
Who really would have created a HomeKit device with a name over 500,000 characters? While it's possible, it's INCREDIBLY unlikely.
Score: 5 Votes (Like | Disagree)
doboy Avatar
doboy
25 months ago
Seriously, people accept home invitations from randos? Haha.
Score: 4 Votes (Like | Disagree)
Read All Comments

Popular Stories

iOS 17

iOS 17.2 Will Add These 12 New Features to Your iPhone

Friday December 1, 2023 12:19 pm PST by
iOS 17.2 has been in beta testing for over a month, and it should be released to all users in a few more weeks. The software update includes many new features and changes for iPhones, including the dozen that we have highlighted below. iOS 17.2 is expected to be released to the public in mid-December. To learn about even more features coming in the update, check out our full list. Journal ...
Read Full Article
anker new xmas 1

Anker's Cyber Week Sale Enters Final Days With Up to 60% Off Sitewide

Friday December 1, 2023 12:05 pm PST by
Anker's Black Friday/Cyber Week event is entering its final days this weekend, and it's still offering up to 60 percent off sitewide. There are also a few "mystery boxes" that can include hundreds of dollars in savings, if you're willing to risk not knowing what you're buying ahead of time. All of these sales will end on December 3. Note: MacRumors is an affiliate partner with Anker. When you...
Read Full Article19 comments
iOS 17

28 New Things Your iPhone Can Do in December's iOS 17.2 Update

Friday December 1, 2023 2:57 am PST by
Apple made the first beta of iOS 17.2 available to developers in October. Since then we've seen three more betas, and with each iteration Apple continues to add more new features and changes, many of which users have been anticipating for quite a while. Below, we've listed 28 new things that are coming to your iPhone when the finalized version is publicly released this December. 1. Help...
Read Full Article153 comments
top stories 2dec2023

Top Stories: iOS 17.1.2 Released, NameDrop Misinformation, and More

Saturday December 2, 2023 6:00 am PST by
Apple employees are back to work following a Thanksgiving break, and that means this week saw a number of new operating system updates for both public release and beta testing. This week also saw some misinformation about Apple's new NameDrop feature making the rounds, while Apple and Goldman Sachs appear to be on the verge of a break-up in their Apple Card and savings account partnership,...
Read Full Article31 comments
General Apps Messages

Green Bubbles on iPhone to Gain These 7 New Features Next Year

Thursday November 30, 2023 9:00 am PST by
Earlier this month, Apple announced that it will finally support RCS in the Messages app on the iPhone starting later next year. This change will result in several improvements to the messaging experience between iPhones and Android devices. RCS will become the new default standard for messaging between iPhones and Android devices, but these conversations will still have green bubbles like...
Read Full Article
m2 macbook air green

Get Apple's M2 MacBook Air and M3 MacBook Pro for Record Low Prices

Friday December 1, 2023 6:59 am PST by
Best Buy is discounting a collection of MacBook Air and MacBook Pro models to all-time low prices today. We're tracking these deals below in addition to great discounts on the Apple Pencil 2 and Apple Watch Ultra 1. MacBook Air Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the...
Read Full Article35 comments
iPhone 16 Mock Header Updated 1

iPhone 16 to Include Action Button Across Entire Lineup

Thursday November 30, 2023 4:08 pm PST by
The release of the iPhone 15 Pro and Pro Max saw the introduction of an entirely new user-configurable button known as the Action button, and now, MacRumors has seen extensive evidence confirming Apple is planning to include the Action button on the entire iPhone 16 range. Designs and plans for the Action button date back to at least 2021, as the button was intended for release alongside hapt...
Read Full Article120 comments