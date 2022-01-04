Apple’s iOS-based devices are reportedly going into a cycle of freezing and crashing, eventually making them unusable. This, according to reports, is due to a HomeKit vulnerability that has been exposed by a security researcher. According to the researcher, the vulnerability exists in all iOS versions, starting with iOS 14.7. According to the report, iPhone users on iOS 15 are also affected by this denial-of-service vulnerability. Apple is said to be aware of the issue and had reportedly promised users a fix before 2022.

While the flaw still requires fixing, security researcher Trevor Spiniolas has detailed the scope of the Apple HomeKit vulnerability, which was initially reported back in August 2021. With this, attackers can exploit the flaw and bring your iPhone or iPad in a cycle of freezing and crashing by connecting it with a HomeKit device that has too long a name. How long? Around 500,000 characters!, the researcher detailed. According to him, iOS devices are becoming unresponsive once it reads the device name.

The attacker could also trigger the vulnerability by using an app to rename an existing HomeKit device. Separately, the attacker could exploit the vulnerability by sending an invite to a new HomeKit device that has a long name.

Spiniolas says that Apple has introduced a limit for setting the name of an app or user can set for a HomeKit device in iOS 15.1. This is said to help reduce the impact to some extent as the attacker couldn’t impact the users by triggering the vulnerability after renaming one of the connected HomeKit devices.

However, the issue can still impact users on the newer iOS versions if a HomeKit device with an extremely long name is connected via an invite.

The researcher also found that Apple stores the names of connected HomeKit devices on the iCloud. This also makes the issue persist, even if a user restores an iOS device. Spiniolas has created a video to detail the impact of the vulnerability, even after restoring an iOS device.

