A safety researcher has publicly disclosed a bug current in iOS 15.2 (and going again to iOS 14.7 and probably earlier) regarding HomeKit that may very well be used to completely crash an iPhone.
Trevor Spiniolas discovered that by altering the identify of a HomeKit system to a big string (Spiniolas used 500,000 characters for the testing), this is able to crash the related iPhone.
To make issues worse, as a result of the system identify can be backed as much as the person’s iCloud account, restoring an iPhone and signing again into the iCloud account linked to the HomeKit system would as soon as once more set off the bug.
In accordance with Spiniolas, “[t]his bug poses a major danger to the information of iOS customers, however the public can shield themselves from the worst of its results by disabling Dwelling units in management heart to be able to shield native knowledge.”
Spiniolas determined to make this bug public after initially reporting the bug to Apple on August 10, and Apple promising a repair “earlier than 2022.” December 10, Apple then knowledgeable Spiniolas that the repair would come “early 2022,” which is when he determined to make the bug public on January 1, 2022.
“The general public ought to concentrate on this vulnerability and the way to forestall it from being exploited,” writes Spiniolas, “quite than being saved at midnight.”
Suppose you may be affected by this bug? Spiniolas has outlined the method to get the iPhone working once more.
- Restore the affected system from Restoration or DFU Mode
- Arrange the system as regular, however do NOT signal again into the iCloud account
- After setup is completed, signal into iCloud from settings. Instantly after doing so, disable the swap labeled “Dwelling.” The system and iCloud ought to now perform once more with out entry to Dwelling knowledge.