If you’re already using iOS 15.2 (or iPadOS 15.2), it’s probably a good idea to grab the new 15.2.1 update. Released on Wednesday, it fixes a few minor issues with Messages and CarPlay and a more serious security issue with HomeKit.
The Messages fix is simple – sometimes some photos sent using an iCloud link wouldn’t load. The CarPlay fix applies to third-party apps that sometimes wouldn’t respond to input, which is definitely not ideal when you’re driving.
But it’s the HomeKit fix that’s really important here. Security researcher Trevor Spiniolas discovered that if someone named a HomeKit device really long (hundreds of thousands of characters), your iPhone or iPad will crash when it tries to parse the name.
If there is a malicious-named HomeKit device in your home, then the Home app will become completely unusable. Worse, if you have HomeKit devices in Control Center (the default for most users), the entire device will lock up and become unresponsive in a very short time. And restarting or restoring the device won’t fix it – you’ll get stuck in that loop.
It’s unclear exactly how iOS 15.2.1 fixes the problem, but the update prevents a hacker from exploiting it. Here are Apple’s release notes for iOS 15.2.1:
- Messages might not upload photos sent using an iCloud link
- Third-party CarPlay apps may not respond to input
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing a maliciously crafted HomeKit accessory name may lead to a denial of service
- The description: An issue of resource depletion has been addressed with better validation of entries.
- CVE-2022-22588: Trevor Spiniolas (@TrevorSpiniolas)
To get the update, open Settings, and then tap General, Software update, and Download and install.
I have written professionally about technology for my entire working adult life – over 20 years. I like to understand how complicated technology works and explain it in a way that everyone can understand.