Apple patches HomeKit denial-of-service bug with new iOS update

The image is by Alex Castro.

On Wednesday, Apple released the 15.2.1 version of the mobile operating system that fixes bugs, including a denial-of-service vulnerability previously reported by The Verge.

HomeKit is a software application that connects smart home devices to applications on the iPad. HomeKit devices labeled with long names would cause Apple's devices to freeze, crash, and restart if the vulnerability was exploited.

Signing in to the same account with a restored device would cause the crash since HomeKit device names are backed up to iCloud.

There is only one change in the security notification for the 15.2.1 update. HomeKit device names were not read into memory by Apple devices because of a resource exhaustion issue, according to the details of the fix.

The patch also fixed a bug that affected performance of third-party apps and prevented the Messages app from loading certain photos sent via iCloud. Users can update their device by opening the settings app on their device and selecting software update.

The HomeKit bug was discovered by a security researcher. Spiniolas accused Apple of being slow to respond to his initial disclosure.

According to Spiniolas, the bug affects at least as far back as 14.7 and likely before, meaning these devices are still vulnerable. The new update for the devices should be updated as soon as possible.