Apple launches iOS 15.2.1 with HomeKit security fix

HomeKit iOS 15.2.1

Apple has released the latest iOS security and bug fixes with iOS 15.2.1. For those who recently updated to iOS 15.2, it's time to open Settings and start the process again. While it may not seem important to take advantage of these minor updates, this one plugs a dangerous vulnerability in HomeKit.

Those experiencing bugs in various apps should also update right away. Apple has listed two bug fixes included in iOS 15.2.1:

  • Messages may not load photos sent using an iCloud link
  • Third-party CarPlay apps may not respond to input

The iOS 15.2 update brought new features to iPhone, including the Apple Music Voice Plan and the App Privacy Report. Even though iOS 15.3 is in beta testing, these issues were deemed important enough for an immediate fix. iPad owners can also update to iPadOS 15.2.1 to fix the same problems.

HomeKit security fix

Apple published a note regarding the security content of iOS 15.2.1. The problem is that accepting a malicious HomeKit invitation with a long name can brick a device. Apple explains the fix:

  • Impact: Processing a maliciously crafted HomeKit accessory name may cause a denial of service
  • Description: A resource exhaustion issue was addressed with improved input validation

For this reason alone, anyone with a compatible iPhone or iPad should update immediately.

No updates to iOS 14

In other news, Apple had started to allow iOS 14 users to receive security updates, most recently with the release of iOS 14.8.1. Since then, devices on iOS 14 are only given the option to upgrade to iOS 15. Apple has not made an announcement about whether it will continue to deliver updates to iOS 14. However, it appears that iOS 15 is now required to gain the latest security updates and bug fixes.