Apple released iOS 15.2.1 to fix a serious HomeKit DDoS vulnerability

Apple has released iOS, its latest software update for modern iPhone and iPad devices. The patch addresses a vulnerability in the company’s HomeKit protocol for connecting disparate smart home devices. The bug allowed malicious individuals to force your iPhone or iPad to repeatedly crash and freeze by changing the name of a HomeKit-compatible device to include more than 500,000 characters. Since iOS supports HomeKit device names on iCloud, iOS users can get stuck in an endless loop of crashes.

The vulnerability was discovered by a security researcher and announced on January 1st. According to Spiniolas, the bug was reported to Apple in August. The company reportedly planned to address the vulnerability before the end of 2022 but later postponed its fix to early 2022. “I think this bug is being handled inappropriately because it poses a serious risk to users and it has been several months without an overhaul,” Spiniolas said in that the time.

Spiniolas has found that the vulnerability has been in Apple’s mobile operating system since iOS 14.7, but said he believes it’s in all versions of iOS 14. In other words, if you’ve been putting off installing iOS 15, now is the time to update your Apple devices.

All products recommended by Engadget are handpicked by our editorial team, independently of the parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button