Apple Patches iOS HomeKit Flaw After Researcher Warning


The iOS 15.2.1 patch, available for all supported iPhones and iPads, is described simply as a “resource exhaustion issue” that causes the device to hang when processing maliciously crafted HomeKit accessory names.

The sudden appearance of the patch comes almost two weeks after researcher Trevor Spiniolas publicly documented the HomeKit bug and warned that it could be exploited to launch ransomware-type attacks on iPhones.

Spinolas found that when the name of an Apple HomeKit device is changed to an unusually large string, any iOS device that loads the string will face a persistent disruption. Even worse, restoring a device and signing back into the iCloud account linked to the HomeKit device will again trigger the bug, Spinolas explained.