Apple fixes doorLock vulnerability with rollout of iOS 15.2.1 and iPadOS 15.2.1

Apple has fixed a vulnerability dubbed “doorLock” with the rollout of iOS 15.2.1 and iPadOS 15.2.1 security update.

Earlier this month, researcher Trevor Spiniolas discovered that an attacker could exploit doorLock, an iPhone HomeKit vulnerability, on iPhones to launch persistent denial of service (DoS) attacks.

Spiniolas publicly disclosed the findings on the persistent DoS vulnerability “affecting iOS 15.2 – iOS 14.7 (and likely through 14.0), triggered via HomeKit.” He made the disclosure after he previously reported the issue to Apple on August 10th, 2021.

Moreover, the researcher described the vulnerability exists “when the name of a HomeKit device is changed to a large string (500,000 characters in testing), any device with an affected iOS version installed that loads the string will be disrupted, even after rebooting.”

“Restoring a device and signing back into the iCloud account linked to the HomeKit device will again trigger the bug,” he added.

The issue is now fixed with latest security release of Apple iOS 15.2.1 and iPadOS 15.2.1.

“Processing a maliciously crafted HomeKit accessory name may cause a denial of service,” Apple noted in the advisory.

The issue affects iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Related Articles