Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


    iOS 15.2.1 and iPadOS 15.2.1 Fix Messages Bug and HomeKit Vulnerability

   Josh Centers

   Apple has released [1]iOS 15.2.1 and [2]iPadOS 15.2.1 updates, with
   just a couple of bug fixes:
     * Messages not loading photos sent using iCloud Link
     * Third-party CarPlay apps not responding to input

   Perhaps the most interesting change appears in the [3]security notes.
   There's only one security fix, and it's for a nasty HomeKit
   vulnerability, in which a maliciously crafted HomeKit accessory name
   (containing some 500,000 characters) could cause iOS and iPadOS devices
   that loaded it to be disrupted, even after rebooting'the only solution
   was to reset and restore the device. Security researcher [4]Trevor
   Spinolas reported the bug to Apple way back in August 2021'it's
   distressing that it took Apple this long to fix the bug.

   If you use HomeKit or have been affected by the Messages or CarPlay
   bugs, you should update right away. Otherwise, we recommend waiting a
   few days to see if any issues crop up.

   You can install the iOS 15.2.1 update (804.8 MB on an iPhone 11 Pro)
   and the iPadOS 15.2.1 update (676.6 MB on a 2020 iPad) in Settings >
   General > Software Update.

References

   Visible links
   1. https://support.apple.com/en-us/HT212788
   2. https://support.apple.com/en-us/HT212788
   3. https://support.apple.com/en-us/HT213043
   4. https://trevorspiniolas.com/doorlock/doorlock.html

   Hidden links:
   5. https://tidbits.com/wp/../uploads/2022/01/iOS-15.2.1-update.jpg

.