After a long wait, Apple has finally released a security update that fixes the iPhone HomeKit bug. The bug enables a persistent denial of service (DoS) attack that crashes iPads and iPhones.
As reported earlier, the DoS attack, called doorLock, exploits a security vulnerability in the Apple HomeKit framework. In short, it fools an iPhone or iPad user into accepting a malicious payload that leaves their device unusable.
iPhone Crashing Fixed: How to Get iPhone and iOS Update
Apple finally addressed this issue in its iOS 15.2.1 and iPadOS 15.2.1 updates. The security fix is available for the following devices:
- iPhone 6s and later
- iPad Pro (all models)
- iPad Air 2 and later
- iPad 5th generation and later
- iPad mini 4 and later
- iPod touch (7th generation)
Typically, Apple updates are automatically installed by the device. However, this update could also be triggered manually by the user.
To install this security fix, Apple users should make sure that their device is plugged in and connected to the internet. Then, they should open "Settings," then "General," and then "Software Update."
Check whether a security update for "iOS 15.2.1" or "iPadOS 15.2.1" is listed and select it. Click on "Install" and wait for the update to complete.
HomeKit Bug: iPhone Crash Issues
According to Bleeping Computer, the programmer Trevor Spiniolas first spotted and reported this bug in August 2021. He said, "four months ago I discovered and reported a serious denial of service bug in iOS that still remains in the latest release. It persists through reboots and can trigger after restores under certain conditions."
Spiniolas elaborated that the DoS attack was easy to set up. When an Apple user accepts a malicious home invite, their device would "immediately" stop working. Be warned that the malicious HomeKit device name is often hidden in a large string of up to 500,000 characters. Spiniolas simulated this attack in a YouTube video.
As seen in the experiment, the attack is hidden in the form of a Home Invitation. An unsuspecting victim would think this is a request to connect with one of the many available smart home appliances. However, accepting this invite will create a chain of problems.
In some cases, a device will suffer delayed responses, while in others it is completely unresponsive. Sometimes, this issue also causes a black screen and freezing. Even worse, the problem is not resolved by restarting the device. To recover from this attack, a user is forced to apply a factory reset.
Spiniolas emphasized that this bug posed a serious risk for many users reliant on smart home appliances. Fortunately, Apple resolved this vulnerability in the latest patch.
Apple users who have yet to update their iPhones and iPads to the latest version are advised to do so as soon as possible. Note that this update should be applied before they connect or set up their HomeKit network.