
MacRumors

macrumors bot
Original poster
Apr 12, 2001
64,822
32,951


Apple today released iOS 15.2.1 and iPadOS 15.2.1, minor updates that include an important security fix for a known HomeKit vulnerability that was first discovered last year.


According to Apple's security support document for the update, it addresses an issue that could cause a maliciously crafted HomeKit name to result in a denial of service, causing iPhones and iPads not to work.

Apple says that it was caused by a resource exhaustion issue that has now been addressed with improved input validation.


The HomeKit bug was first highlighted in January by Bleeping Computer after being discovered by Trevor Spiniolas. Called "doorLock," the vulnerability is executed by changing the name of a HomeKit device to something with over 500,000 characters.

Attempting to load such a large string of characters causes the iOS device to be sent into a denial of service state, and a forced reset is the only way to recover. Resetting the device results in a loss of data unless there is an available backup, and signing back into an affected iCloud account linked to the broken HomeKit device name can re-trigger the bug.

Apple partially fixed the bug in iOS 15.1 by limiting the length of the name that can be set for a HomeKit device or app, but it didn't entirely fix the issue because malicious people exploiting the vulnerability could use Home invitations rather than a device to trigger the attack.

Because this bug could result in data loss at worst and a device reset at best, it's worth updating to the iOS and iPadOS 15.2.1 updates right away.

Article Link: iOS 15.2.1 and iPadOS 15.2.1 Address HomeKit Vulnerability
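
The gap described above, where the iOS 15.1 limit applied when a name was set but not to Home invitations, comes down to validating on one input path only. The sketch below is an added illustration, not Apple's code and not part of the original article: the `Home` model, the invitation layout and both size limits are assumptions chosen to show a single validator shared by the local and remote paths.

```python
from dataclasses import dataclass, field

MAX_NAME_CHARS = 64    # assumed limit; the article does not give Apple's value
MAX_NAME_BYTES = 128   # assumed cap on the UTF-8 encoded size


class NameRejected(ValueError):
    """Raised when a name fails validation."""


def validate_name(raw):
    """Return a cleaned name or raise NameRejected."""
    if not isinstance(raw, str):
        raise NameRejected("name must be text")
    # Size checks run first, so an oversized value is never trimmed,
    # stored, synced or handed to a UI layer.
    if len(raw) > MAX_NAME_CHARS:
        raise NameRejected("too many characters")
    if len(raw.encode("utf-8", "surrogatepass")) > MAX_NAME_BYTES:
        raise NameRejected("too many bytes")
    name = raw.strip()
    if not name or any(ord(ch) < 0x20 for ch in name):
        raise NameRejected("empty or contains control characters")
    return name


@dataclass
class Home:  # hypothetical in-memory model of one user's Home data
    accessories: dict = field(default_factory=dict)
    pending_invites: list = field(default_factory=list)


def rename_accessory(home, accessory_id, new_name):
    """Local path: the user renames a device."""
    home.accessories[accessory_id] = validate_name(new_name)


def receive_invitation(home, invite):
    """Remote path: a sender-controlled name arrives inside an invitation.

    Returns True if the invitation was stored, False if it was dropped.
    """
    try:
        name = validate_name(invite.get("home_name"))
    except NameRejected:
        return False  # dropped on arrival, before it reaches storage
    home.pending_invites.append({"from": invite.get("from"), "home_name": name})
    return True
```

Because the receiving side rejects the value before storing it, an oversized name cannot persist in synced data and be loaded again after sign-in.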
 

Shirasaki

macrumors P6
May 16, 2015
16,078
11,489
Idk, should we thank Apple for fixing this bug or should we blame Apple for fixing this bug after a whole year?
Update: Oh so this is a more "permanent" fix while iOS 15.1 addresses this issue already? Well then.
 

xpxp2002

macrumors 65816
May 3, 2016
1,188
2,826
Does this fix the Snapshots not updating on the cameras?
For what it's worth, I had the issue for about a week. Finally gave in and removed and re-added all of my cameras last week. Since then, I haven't rebooted my devices because I read that rebooting caused the issue to come back. Installing this update rebooted my devices for the first time since then, and my camera thumbnails are still working.
 

jz0309

Contributor
Sep 25, 2018
10,806
28,680
SoCal
So I could have saved my time to update as I’m not using any HomeKit, but then again, Apple never published each and every bug fix, so there is hope… and Safari feels snappier already
 

xpxp2002

macrumors 65816
May 3, 2016
1,188
2,826
So is the macOS Home app somehow not vulnerable, despite being a Marzipan clone of the iPadOS app? Or is it simply not going to be patched?
 

PBG4 Dude

macrumors 601
Jul 6, 2007
4,341
4,603
Serious question...how are things like this discovered?
This issue was found months ago by an independent researcher. They reported to Apple, and after Apple not fixing the issue, they went public. Now less than a month after going public, the issue has been patched by Apple.

Makes me wonder how many other issues Apple currently knows about but are sitting on instead of patching.
 

nutmac

macrumors 603
Mar 30, 2004
6,127
7,555
Who really would have created a HomeKit device with a name over 500,000 characters? While it's possible, it's INCREDIBLY unlikely.
The only likely scenario that I can think of is folks using unauthorized Homebridge and similar hacks to use non-HomeKit devices.

Nevertheless, even an obscure security attack vector should be fixed.
 

PBG4 Dude

macrumors 601
Jul 6, 2007
4,341
4,603
Who really would have created a HomeKit device with a name over 500,000 characters? While it's possible, it's INCREDIBLY unlikely.
The problem isn’t that someone could name an object with >500K characters. The problem is Apple code is willing to accept inputs of this length, even when the field has not had the memory allocated to handle a 500K length string.
 

morphineseason

macrumors 6502
Apr 1, 2007
310
279
Idk, should we thank Apple for fixing this bug or should we blame Apple for fixing this bug after a whole year?
Update: Oh so this is a more "permanent" fix while iOS 15.1 addresses this issue already? Well then.
Maybe I'm stating the obvious here, but generally speaking, just because something happened in 2021, doesn't mean it happened a "whole year" ago. We're only a couple weeks into 2022.
 
  • Like
Reactions: Stryder541

d4cloo

macrumors regular
Aug 28, 2016
124
266
Los Angeles
Who really would have created a HomeKit device with a name over 500,000 characters? While it's possible, it's INCREDIBLY unlikely.
Automated tests. Advanced test scenarios that can be executed without human input. Latest in this field is machine-learning based automated tests.
This does only catch the types of errors that can be automated for. There's also unintended behaviour for example, and this is usually done with a QA and QC team.
 

hackedmac

macrumors newbie
Jul 30, 2015
9
12
Orlando, FL
For what it's worth, I had the issue for about a week. Finally gave in and removed and re-added all of my cameras last week. Since then, I haven't rebooted my devices because I read that rebooting caused the issue to come back. Installing this update rebooted my devices for the first time since then, and my camera thumbnails are still working.
I just updated; my snapshots still aren't working =(. I really don't want to reinstall all my cameras as they are all different brands and I have automations tied to them.
 