Apple patches HomeKit denial-of-service bug with new iOS update – Corin Faife

Illustration by Alex Castro / The Verge

On Wednesday, Apple released the 15.2.1 version of iOS, a minor update to the mobile operating system that fixes bugs, including a denial-of-service vulnerability previously reported by The Verge.

The 15.2.1 patch addresses a vulnerability triggered through HomeKit, the software API for connecting smart home devices to iOS applications. If the vulnerability was exploited, HomeKit devices labeled with a very long name would cause iPhones and iPads to endlessly freeze, crash, and reboot.

Since HomeKit device names are backed up to iCloud, signing in to the same iCloud account with a restored device would trigger the crash again.

Apple’s security notification for the 15.2.1 update lists only one change, a fix for the HomeKit vulnerability….

Continue reading…

Read More