Apple fixes HomeKit API bug that freezes iPhones and iPads


Apple’s latest update fixes a HomeKit API bug which maliciously uses an extremely long name for smart home devices such as the HomePod mini (pic) to ‘lock’ iOS devices that try to connect to it. — Apple

Apple has patched an iOS bug that could cause connecting to a HomeKit smart home setup to crash your smartphone or tablet.

The latest iOS version 15.2.1 update deals with the bug reported by the Verge, which was originally spotted by security researcher Trevor Spiniolas who disclosed it to Apple in August 2021, per his Jan 1 blogpost.

The vulnerability in the HomeKit, the software API used to connect smart home devices to iOS apps, works by giving a HomeKit device an extremely long name of about a half million characters long.

When an iOS device connects, attempting to read that name will lock it in a freeze-crash-reboot cycle that requires a complete wipe of the iOS device to fix.

For extra nastiness, as HomeKit device names are backed up to iCloud, signing in with the same account restores the problematic name and triggers the issue again.

Before the latest patch, the only way to avoid this death loop was to immediately reject invitations to join an unfamiliar Home network.

On Apple’s support page, the latest update states that the HomeKit fix addresses how “processing a maliciously crafted HomeKit accessory name may cause a denial of service”.

The Verge notes that the fix likely works by preventing long HomeKit device names from being read into memory by iOS devices.

According to Spiniolas’ blog, the bug had not been addressed for quite a while, and could affect devices with iOS versions as far back as 14.7. Thus users are recommended to update their devices to avoid the problem.

Article type: free
User access status:
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!
   

Next In Tech News

Airtel only bidder in Nigeria's second 5G licensing round
UK watchdog says applying lessons from FTX crypto collapse will be 'pacy'
U.S. court weighs novel issue of crypto ownership in bankruptcy
Apple offers hacking targets new options to secure data, chats
Coinbase CEO expects revenue to plunge over 50% - Bloomberg News
Exclusive: Canada's biggest pension plan, CPPI, ends crypto investment pursuit - sources
Amazon shopping site back up after outage
ECB seeks urgent regulation after multiple crypto bubbles burst
EU court rejects WhatsApp challenge against EU Data Protection Board
Washington DC AG sues Amazon over driver tips

Others Also Read