Apple has released iOS 15.2.1 to address a major HomeKit DDoS

Apple has launched iOS 15.2.1, the company’s most recent software upgrade for iPhone and iPad users. The fix resolves a flaw in Apple’s HomeKit protocol, which is used to link various smart home products.

By modifying the name of a HomeKit-compatible gadget to include more than 500,000 characters, malevolent persons might force an iPhone or iPad to crash and freeze repeatedly. Because iOS saves HomeKit device names to iCloud, users might get locked in a never-ending cycle of crashes. This vulnerability is quite serious since it could become an opportunity for hackers to start sharing data across platforms.

Further Details

Trevor Spiniolas, a security researcher, uncovered the flaw and publicly exposed it on January 1st. According to Spiniolas, the flaw was reported to Apple in August. The corporation had apparently planned to remedy the flaw before the end of 2021, however, the fix was ultimately pushed out to early 2022. “I feel this defect is being handled in an ineffective manner because it offers a severe danger to consumers and many months have gone without a complete patch,” Spiniolas stated at the time.

The vulnerability was discovered in Apple’s mobile operating system as early as iOS 14.7, although Spiniolas believes it is present in all versions of iOS 14. In other words, if you’ve been putting off updating your Apple devices to iOS 15, now is the time to do it.