Security News > 2022 > January > Apple fixes doorLock bug that can disable iPhones and iPads

Apple fixes doorLock bug that can disable iPhones and iPads
2022-01-12 21:45

Apple has released security updates to address a persistent denial of service dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later.

Apple has addressed this severe resource exhaustion issue in iOS 15.2.1 and iPadOS 15.2.1 by adding improved input validation which no longer allows attackers to disable vulnerable devices.

"Four months ago I discovered and reported a serious denial of service bug in iOS that still remains in the latest release. It persists through reboots and can trigger after restores under certain conditions," Trevor Spiniolas, the programmer and "Beginning security researcher" who spotted and reported the bug.

"All the requirements are default settings. When someone sets up their iOS device, everything is already in order for the bug to work. If they accept a malicious home invitation from there, their device stops working."

According to Spiniolas, Apple has known about doorLock since August 2021, 2021, but pushed the security update multiple times despite repeatedly promising to fix it.

Apple didn't acknowledge or credit him for the discovery and also asked him to keep quiet and not disclose to others that the company failed to give him credit for the bug.


News URL

https://www.bleepingcomputer.com/news/security/apple-fixes-doorlock-bug-that-can-disable-iphones-and-ipads/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110