Apple has released an iOS update, the most recent software update for recent iPhone and iPad devices. The company's HomeKit protocol for integrating heterogeneous smart home devices has a denial-of-service weakness, which this patch fixes.
By renaming a HomeKit-compatible device to a name of more than 500,000 characters, a malicious user could crash and freeze an iPhone or iPad repeatedly. Because iOS backs up HomeKit device names to iCloud, this could trap iOS users in an endless crash loop.
Not many know that security researchers identified and announced this vulnerability on the 1st of January. Trevor Spiniolas identified the HomeKit DDoS problem, and Bleeping Computer first reported on it in January.
According to Spiniolas, Apple knew about the flaw in August. It then tried to rectify the fault by the end of 2022. However, it hopes to resolve it by early 2022.
When attempting to load such a long string of characters, the iOS device enters a denial of service state, and the only way to recover is to do a hard reset. Signing back into an impacted iCloud account connected to the damaged HomeKit device name can re-trigger the problem, and resetting the device results in data loss unless there is an accessible backup.
Apple partially addressed the bug in iOS 15.1 by reducing the length of the name that can be chosen for a HomeKit device or set by an app. However, this did not completely solve the problem, because attackers might still use Home invites to launch an attack.
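
The difference between the partial fix and a complete one can be shown with a small model. This is an added example, not Apple's code: the class names, the `MAX_NAME_LEN` value and the record layout are assumptions made for illustration. It compares a store that checks name length only where a name is set locally with one that applies the same check to names arriving through an invite or an iCloud restore.

```python
# Added illustration; hypothetical model, not Apple's HomeKit implementation.
MAX_NAME_LEN = 64  # assumed limit; the article does not state Apple's value


class NameTooLong(ValueError):
    pass


def validate_name(name):
    """Return the name if it is a non-empty string within the limit."""
    if not isinstance(name, str) or not name:
        raise ValueError("name must be a non-empty string")
    if len(name) > MAX_NAME_LEN:
        raise NameTooLong(f"{len(name)} characters exceeds {MAX_NAME_LEN}")
    return name


class SetterOnlyStore:
    """Partial fix: the limit applies only when a name is set locally."""
    def __init__(self):
        self.names = {}

    def rename(self, dev_id, name):
        self.names[dev_id] = validate_name(name)

    def accept_invite(self, records):       # unchecked ingestion path
        self.names.update(records)

    def restore_from_cloud(self, records):  # unchecked ingestion path
        self.names.update(records)


class BoundaryCheckedStore(SetterOnlyStore):
    """Every path that brings a name onto the device uses the same check."""
    def __init__(self):
        super().__init__()
        self.quarantined = []

    def _ingest(self, records):
        for dev_id, name in records.items():
            try:
                self.names[dev_id] = validate_name(name)
            except ValueError:
                # Keep the device usable: record the rejection, store a safe label.
                self.quarantined.append(dev_id)
                self.names[dev_id] = f"Accessory {str(dev_id)[:16]}"

    def accept_invite(self, records):
        self._ingest(records)

    def restore_from_cloud(self, records):
        self._ingest(records)


def renderable(store):
    """True if every stored name is short enough to load safely."""
    return all(len(n) <= MAX_NAME_LEN for n in store.names.values())
```

Quarantining the record instead of raising lets a restore finish, which matters here because the oversized name is persisted in iCloud and comes back on every sign-in.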