Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
58,710
22,365


Apple today released iOS 15.2.1 and iPadOS 15.2.1, minor updates that include an important security fix for a known HomeKit vulnerability that was first discovered last year.

homekit-showdown-2-thumb.jpg

According to Apple's security support document for the update, it addresses an issue that could cause a maliciously crafted HomeKit name to result in a denial of service, causing iPhones and iPads not to work.

Apple says that it was caused by a resource exhaustion issue that has now been addressed with improved input validation.


The HomeKit bug was first highlighted in January by Bleeping Computer after being discovered by Trevor Spiniolas. Called "doorLock," the vulnerability is executed by changing the name of a HomeKit device to something with over 500,000 characters.

Attempting to load such a large string of characters causes the iOS device to be sent into a denial of service state, and a forced reset is the only way to recover. Resetting the device results in a loss of data unless there is an available backup, and signing back into an affected iCloud account linked to the broken HomeKit device name can re-trigger the bug.

Apple partially fixed the bug in iOS 15.1 by limiting the length of the name that can be set for a HomeKit device or app, but it didn't entirely fix the issue because malicious people exploiting the vulnerability could use Home invitations rather than a device to trigger the attack.

Because this bug could result in data loss at worst and a device reset at best, it's worth updating to the iOS and iPadOS 15.2.1 updates right away.

Article Link: iOS 15.2.1 and iPadOS 15.2.1 Address HomeKit Vulnerability
 

Shirasaki

macrumors G5
May 16, 2015
13,903
8,454
Idk, should we thank Apple for fixing this bug or should we blame Apple for fixing this bug after a whole year?
Update: Oh so this is a more "permanent" fix while iOS 15.1 addresses this issue already? Well then.
 

xpxp2002

macrumors 6502a
May 3, 2016
813
1,560
Does this fix the Snapshots not updating on the cameras?
For what it's worth, I had the issue for about a week. Finally gave in and removed and re-added all of my cameras last week. Since then, I haven't rebooted my devices because I read that rebooting caused the issue to come back. Installing this update rebooted my devices for the first time since then, and my camera thumbnails are still working.
 

jz0309

macrumors 603
Sep 25, 2018
6,398
17,396
SoCal
So I could have saved my time to update as I’m not using any HomeKit, but then again, Apple never published each and every bug fix, so there is hope… and Safari feels snappier already ?
 
Last edited:

xpxp2002

macrumors 6502a
May 3, 2016
813
1,560
So is the macOS Home app somehow not vulnerable, despite being a Marzipan clone of the iPadOS app? Or is it simply not going to be patched?
 

PBG4 Dude

macrumors 68040
Jul 6, 2007
3,996
4,027
Serious question...how are things like this discovered?
This issue was found months ago by an independent researcher. They reported to Apple, and after Apple mot fixing the issue, they went public. Now less than a month after going public, the issue has been patched by Apple.

Makes me wonder how many other issues Apple currently knows about but are sitting on instead of patching.
 

nutmac

macrumors 603
Mar 30, 2004
5,726
6,347
Who really would have created a HomeKit device with a name over 500,000 characters? While it's possible, it's INCREDIBLY unlikely.
The only likely scenario that I can think of is folks using unauthorized Homebridge and similar hacks to use non-HomeKit devices.

Nevertheless, even an obscure security attack vector should be fixed.
 

PBG4 Dude

macrumors 68040
Jul 6, 2007
3,996
4,027
Who really would have created a HomeKit device with a name over 500,000 characters? While it's possible, it's INCREDIBLY unlikely.
The problem isn’t that someone could name an object with >500K characters. The problem is Apple code is willing to accept inputs of this length, even when the field has not had the memory allocated to handle a 500K length string.
 

morphineseason

macrumors 6502
Apr 1, 2007
267
192
Idk, should we thank Apple for fixing this bug or should we blame Apple for fixing this bug after a whole year?
Update: Oh so this is a more "permanent" fix while iOS 15.1 addresses this issue already? Well then.
Maybe I'm stating the obvious here, but generally speaking, just because something happened in 2021, doesn't mean it happened a "whole year" ago. We're only a couple weeks into 2022 ?
 
  • Like
Reactions: Stryder541

d4cloo

macrumors member
Aug 28, 2016
53
122
Los Angeles
Who really would have created a HomeKit device with a name over 500,000 characters? While it's possible, it's INCREDIBLY unlikely.
Automated tests. Advanced test scenarios that can be executed without human input. Latest in this field is machine-learning based automated tests.
This does only catch the types of errors that can be automated for. There's also unintended behaviour for example, and this is usually done with a QA and QC team.
 

hackedmac

macrumors newbie
Jul 30, 2015
9
12
Orlando, FL
For what it's worth, I had the issue for about a week. Finally gave in and removed and re-added all of my cameras last week. Since then, I haven't rebooted my devices because I read that rebooting caused the issue to come back. Installing this update rebooted my devices for the first time since then, and my camera thumbnails are still working.
I just updated my snapshots still arn't working =(. I really don't want to reinstall all my cameras as they are all different brands and I have automations tied to them.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.