HomeKit bug affecting iOS disclosed by security researcher

A vulnerability in iOS that uses HomeKit as an attack vector involving very long device names, has been disclosed after a researcher disclosed it to Apple in August 2021.As with its other products, Apple is keen on keeping HomeKit as secure as possible for its users. In a disclosure published on January 1, it seems that there is a bug in the smart home platform that could cause problems for its users.According to security researcher Trevor Spiniolas, if a HomeKit device name is changed to a “very long string,” set at 500,000 characters in testing, iOS and iPadOS devices that loads the string can be rebooted and made unusable. Furthermore, since the name is stored in iCloud and gets updated across all other iOS devices signed into the same account, the bug can reappear repeatedly. Read more…
Go to Source
Author: