Apple releases iOS 15.2.1 to patch a serious HomeKit DDoS vulnerability

6 months ago 157
PR Distribution

Apple has released iOS 15.2.1, its latest bundle update for caller iPhone and iPad devices. The spot addresses a vulnerability recovered wrong the company’s HomeKit protocol for connecting disparate astute location devices. The bug allowed malicious individuals to unit an iPhone oregon iPad to repeatedly clang and frost by changing the sanction of a HomeKit-compatible instrumentality to see much than 500,000 characters. Since iOS backs up HomeKit instrumentality names to iCloud, it was imaginable for iOS users to get stuck successful an endless loop of crashes.

Security researcher Trevor Spiniolas discovered the vulnerability and publically disclosed it connected January 1st. According to Spiniolas, helium informed Apple of the bug backmost successful August. The institution had reportedly planned to code the vulnerability earlier the extremity of 2021 but aboriginal delayed a hole to aboriginal 2022. “I judge this bug is being handled inappropriately arsenic it poses a superior hazard to users and galore months person passed without a broad fix,” Spiniolas said astatine the time.

Spiniolas recovered that the vulnerability is contiguous wrong Apple’s mobile operating strategy arsenic acold backmost arsenic iOS 14.7, but said helium believes it exists successful each versions of iOS 14. In different words, if you’ve been holding disconnected connected installing iOS 15, present is the clip to update your Apple devices.

Update 01/13/22 12:45AM ET: We corrected a typo regarding Apple's timeline to code the vulnerability (thanks, Richard). 

All products recommended by Engadget are selected by our editorial team, autarkic of our genitor company. Some of our stories see affiliate links. If you bargain thing done 1 of these links, we whitethorn gain an affiliate commission.

Read Entire Article