Update: Apple has release iOS 15.3.1 to fix a different problem with WebKit.
If you have a recent iPhone or iPad then you’ll want to update it to the newly released iOS 15.2.1 and iPadOS 15.2.1, as this update fixes a nasty security flaw that could send your iPhone into a reboot spiral of death.
The vulnerability could allow hackers to set up a HomeKit compatible device with a very long name, some 500,000 characters in length, which would then trigger an iOS or iPadOS device to repeatedly crash when trying to connect to it.
What’s more, as iOS and iPadOS backup HomeKit device names to iCloud, it could trigger affected iPhones and iPads to suffer from an endless loop of crashes. And rebooting or updating an affected iPhone or iPad won’t fix the problem either, with any attempt to backup from previously used iCloud data also triggering the crash cycle.
Ultimately, a factory reset would be needed and thus result in data loss; Spiniolas suggested this bug could be used by hackers to perform ransomware attacks, forcing victims to part with money or lose access to their iOS or iPadOS data.
But with iOS and iPadOS 15.2.1, the ability to put in excessively long HomeKit device names has been curtailed, and thus the bug has been squashed. So if you’ve yet to do it, we very much recommend you update to the latest version of iOS and iPadOS, as device running versions dating back to iOS 14.7 are vulnerable to this exploit.
And as ever, we suggest being cautious about the networks you connect your devices to. If an unknown user or device asks for permission to connect to your phone, tablet or laptop, then make sure you know it’s not malicious. We’d advise treating such situations with extreme caution until you know you’re connected to a trusted device or network.
