iOS 15 flaw could send iPhones into reboot spiral of death — and Apple finally has a fix

UPDATED with release of the iOS 15.2.1 update designed to fix this flaw.
An annoying bug that could send an iPhone or iPad into a seemingly endless boot loop of death using Apple's Home app has been disclosed. The researcher who found it claims Apple doesn't care enough about the flaw to fix it quickly.
"I believe this bug is being handled inappropriately as it poses a serious risk to users and many months have passed without a comprehensive fix," wrote security researcher Trevor Spiniolas in a PDF posted online earlier this month. "The public should be aware of this vulnerability and how to prevent it from being exploited, rather than being kept in the dark."
We're not so sure how much of a security risk this flaw — which Spiniolas calls "DoorLock" — really poses, though it may appear that your iPhone is hopelessly bricked without possibility of recovery. (There are ways to rescue your iPhone, which we'll discuss below.)
But iPhone and iPad users should take steps to protect themselves against pranksters and trolls who might exploit the flaw for their own amusement.
We've also sent a request to Apple for comment on the issue, and we will update this story when we get a reply.
DoorLock: What's in a name?
According to Spiniolas, the bug is triggered when a very long name — we're talking hundreds of thousands of characters — is assigned to a device on a local HomeKit network, Apple's implementation of smart-home networking. Any iOS device linked to the network can arbitrarily change a device name.
"When the name of a HomeKit device is changed to a large string (500,000 characters in testing), any device with an affected iOS version installed that loads the string will be disrupted, even after rebooting," Spiniolas wrote in a blog post.
Somehow (probably because very long names might "overflow" a memory allocation), this causes the Home app on iOS devices linked to the HomeKit network to crash, and to keep crashing until the troublesome device is renamed. Tom's Guide has not tried to replicate any of these issues, so we can't confirm they always work.
Even worse, says Spiniolas, if an iOS device has the Home app enabled in the Control Center (the swipe-down menu you access from an iPhone's main screen), then the iOS device will freeze up and become unresponsive.
Rebooting the device won't help, as the Home app will be loaded before the user can get to the Settings screen to remove Home from the Control Center. Even doing a full restore (which wipes the user data on the phone) will resolve matters only until the user logs into their iCloud account.
"Restoring a device and signing back into the iCloud account linked to the HomeKit device will again trigger the bug," wrote Spiniolas.
Recent versions of iOS all affected
The flaw affects at least iOS 14.7 and 14.8, Spiniolas wrote, and likely all versions of iOS 14. (Tom's Guide suspects all versions of iOS that support HomeKit, dating back to iOS 8, may be susceptible.)
Beginning with iOS 15 or possibly the 15.1 update, Spiniolas wrote — both of which were released after he disclosed the bug to Apple — users were prevented from giving HomeKit devices very long names. However, iOS 15 devices will still crash/freeze up as described above if they join HomeKit networks on which such devices are present.
Spiniolas says it's possible for attackers to invite iOS device users to join malicious HomeKit networks, or to change the names of devices on HomeKit networks that they've already joined. He even worries that this could lead to ransomware-like attacks on iOS devices, in which attackers could hold devices "hostage" until a ransom is paid, although we think that's unlikely.
As Sophos' Paul Ducklin wrote in a blog post of his own last week, "The good news is that the bug doesn't let attackers spy on your phone (or your HomeKit devices), steal information such as passwords or personal messages, install malware, rack up fraudulent online charges or mess with your network."
Spiniolas says he told Apple about this flaw on Aug. 10, 2021, but that the company keeps pushing back the date of a fix so that it's now "early 2022." Again, we've asked Apple for clarification.
How to get out of a boot loop caused by the DoorLock flaw
If you find your iOS device freezing up due to this flaw (and we think that's very unlikely), then Spiniolas says you'll need to perform a system restore process that will fully erase all the user data on your iPhone or iPad. (This is best done when "tethered" via a USB cable to a Mac or a PC, but here's how to do an iOS system restore without a computer.)
However, don't sign into your iCloud account when the iOS device prompts you to, says Spiniolas. Instead, wait until the iPhone or iPad is fully set up locally, and then sign into iCloud from the Settings menu — and disable the switch labeled Home immediately.
Spiniolas doesn't address another possible way out: If you have HomeKit and the Home app set up on your Mac (available in macOS 10.14 Mojave and later), then you might be able to just rename the troublesome devices directly from your Mac without needing to perform a factory-restore process on your iOS devices. That's assuming there's no flaw similar to this one in the Mac version of the Home app.
How to avoid getting snagged by the DoorLock flaw
Fortunately, it's very easy to make sure you're not affected by any possible (however unlikely) attacks that exploit this flaw. As Sophos' Ducklin explains, the first steps are to not let anyone you don't live with join your HomeKit network — and to not join anyone else's HomeKit network even if they invite you. Really, that's just common sense.
To make sure you're never trapped in a HomeKit boot loop, Ducklin recommends pre-emptively removing Home from your iOS devices' Control Centers, which you can do in Settings > Control Center > Customize Controls.
Finally, and this is something all iOS users should do, regularly back up your devices to your Mac or PC of choice so that all your user data can be accessed without having to reach out to iCloud.
UPDATE: Apple releases iOS update to fix this flaw
On Wednesday, Jan. 12, Apple quietly released iOS 15.2.1 and iPadOS 15.2.1 to patch this vulnerability.
We haven't had a chance to test the efficacy of the patch ourselves, but Apple described the update thus: "A resource exhaustion issue was addressed with improved input validation."
It added that the flaw's impact was that "Processing a maliciously crafted HomeKit accessory name may cause a denial of service."
In case there was any doubt which flaw was being fixed, credit was given to Spiniolas for its discovery. The flaw was also assigned the catalogue number CVE-2022-22558. HomeKit users should be grateful to Spiniolas for making a stink about this situation and getting it resolved.
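Why the iOS 15 limit on entering long names did not protect devices that merely load them, and what "improved input validation" has to cover on the receiving side, shown as an added example (not Apple's code and not from the original article). The 256-byte limit, the record layout and all function names are assumptions made for this sketch.

```python
# Added illustration; not Apple's code. MAX_NAME_BYTES and the record
# layout are assumptions made for this example.
MAX_NAME_BYTES = 256          # assumed limit, not a documented HomeKit value
PLACEHOLDER = "Unnamed accessory"


def set_name_ui(name: str) -> str:
    """Write-side check: stops this client's own user from saving a huge name."""
    if len(name.encode("utf-8")) > MAX_NAME_BYTES:
        raise ValueError("accessory name too long")
    return name


def load_synced_accessory(record: dict) -> dict:
    """Read-side check, applied to every record that arrives from shared or
    synced state. Other members of the home may run clients that lack the
    write-side check, so the loader cannot assume names are already bounded."""
    name = record.get("name")
    if not isinstance(name, str) or not name.strip():
        return {**record, "name": PLACEHOLDER, "name_rejected": True}
    if len(name.encode("utf-8")) > MAX_NAME_BYTES:
        # Never pass the oversized string on to rendering code; swap it out
        # and flag the record so the user can rename or remove the accessory.
        return {**record, "name": PLACEHOLDER, "name_rejected": True}
    return {**record, "name_rejected": False}


def load_home(records: list[dict]) -> list[dict]:
    """Sanitise a whole home's accessory list before anything displays it."""
    return [load_synced_accessory(r) for r in records]


# Constructed sample data: one normal accessory and one carrying the
# 500,000-character name size mentioned in the article.
SAMPLE_HOME = [
    {"id": "acc-1", "name": "Front Door Lock"},
    {"id": "acc-2", "name": "A" * 500_000},
]

if __name__ == "__main__":
    for acc in load_home(SAMPLE_HOME):
        status = "rejected" if acc["name_rejected"] else "ok"
        print(acc["id"], acc["name"], status)
```

The length is measured in encoded bytes rather than characters, so a short-looking name made of multi-byte characters is bounded the same way.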
Source: https://www.tomsguide.com/news/apple-ios-doorlock-homekit-bug
Posted by: flaniganreptereard1957.blogspot.com