Apple has released iOS 15.2.1 and iPadOS 15.2.1 updates that fix a dangerous HomeKit vulnerability. But so far only partially

Apple has released small but important updates for smartphones and tablets - iOS 15.2.1 and iPadOS 15.2.1. They do not bring new features, but fix bugs and vulnerabilities.

What for?

According to an Apple security support document, the new firmware fixes a HomeKit vulnerability that was discovered last year. It could lead to the complete inoperability of your iPhone and iPad.

The vulnerability, dubbed "doorLock", is implemented by changing the device name "HomeKit" to more than 500,000 characters. Attempting to load such a large string of characters causes the iOS device to enter a permanent reboot state. The only way to restore is to reset the device, which results in data loss if there is no backup available. However, signing in again to the affected iCloud account associated with the broken device name "HomeKit" may cause the error to reappear.

Attackers exploiting the vulnerability could have used Home prompts rather than the device to provoke an attack.

True, Apple only partially fixed the bug in iOS 15.1 by limiting the length of the name that can be set for a HomeKit device or app. That is, the problem has not been completely solved yet.

In addition, the updates fix the bug due to where photos sent as an iCloud link might not be uploaded in Messages, as well as an error due to which third-party CarPlay apps might not respond to input.

A source: MacRumors