Apple has fixed a security vulnerability in iOS and iPadOS that could be exploited via HomeKit to launch persistent denial of service (DoS) attacks.
The technology giant released iOS 15.2.1 and iPadOS 15.2.1 on Wednesday to patch the so-called “doorLock” flaw, which was disclosed earlier this month by security researcher Trevor Spiniolas. The bug affects iPhones and iPads running iOS 14.7 through iOS 15.2 and is triggered via HomeKit, Apple’s smart home platform that lets Apple users configure, communicate with and control their smart home devices.
To exploit the bug, an attacker would need to change the name of a HomeKit device to a string larger than 500,000 characters. When that string loads on a user’s iPhone or iPad, the device’s software would be thrown into a denial of service (DoS) state, requiring a forced-reset to unfreeze. But once the device reboots and the user signs back into the iCloud account linked to HomeKit, the bug is triggered again.
Even if a user doesn’t have any devices added on HomeKit, an attacker could create a spoof Home network and trick a user into joining via a phishing email. Worse, Spiniolas warned that attackers could leverage the doorLock vulnerability to launch ransomware attacks against iOS users, locking devices into an unusable state and demanding a ransom payment to set the HomeKit device back to a safe string length.
Spiniolas said that Apple pledged to fix the issue in a security update last year, but this was pushed back until “early 2022,” prompting Spiniolas to disclose the bug fearing the delay poses a “serious risk” to users.
“Despite them confirming the security issue and me urging them many times over the past four months to take the matter seriously, little was done,” he wrote. “Status updates on the matter were rare and featured exceptionally few details, even though I asked for them frequently.”
“Apple’s lack of transparency is not only frustrating to security researchers who often work for free, it poses a risk to the millions of people who use Apple products in their day-to-day lives by reducing Apple’s accountability on security matters.”
The update can be downloaded now and is available for the iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod touch (7th generation).