iOS 15.2.1 fixes critical flaw — update your iPhone now

iOS 15.2.1 fixes disquisitional flaw — update your iPhone now

(Image credit: Shutterstock)

Update: Apple tree has released an update for iOS 15 to plug more security holes .

If you have a recent iPhone or iPad so you'll want to update it to the newly released iOS 15.two.one and iPadOS 15.ii.one, equally this update fixes a nasty security flaw that could send your iPhone into a reboot spiral of death.

This problems was discovered by security researcher Trevor Spiniolas at the beginning of January and involved Apple's HomeKit service, which provides the software interface between iPhones and iPads and some of the all-time smart abode devices.

The vulnerability could permit hackers to set a HomeKit uniform device with a very long proper name, some 500,000 characters in length, which would then trigger an iOS or iPadOS device to repeatedly crash when trying to connect to it.

This denial of service assault would demand to entice users to connect to a compromised HomeKit device, but curiosity when setting up smart home devices and the range at which they tin be connected to spanning apartments or buildings, could brand this a distinct possibility. However, the likely vector of attack would be a hacker using the Apple Dwelling house app to send an invite to targeted users asking them to bring together their 'Home' and thus exist exposed to a network with a compromised HomeKit device.

What's more, as iOS and iPadOS fill-in HomeKit device names to iCloud, it could trigger affected iPhones and iPads to suffer from an countless loop of crashes. And rebooting or updating an affected iPhone or iPad won't prepare the problem either, with any attempt to backup from previously used iCloud information too triggering the crash bicycle.

Ultimately, a factory reset would be needed and thus result in data loss; Spiniolas suggested this bug could exist used by hackers to perform ransomware attacks, forcing victims to part with money or lose access to their iOS or iPadOS data.

But with iOS and iPadOS 15.2.one, the ability to put in excessively long HomeKit device names has been curtailed, and thus the bug has been squashed. Then if you've notwithstanding to do it, we very much recommend you update to the latest version of iOS and iPadOS, every bit device running versions dating back to iOS 14.7 are vulnerable to this exploit.

And as always, we propose being cautious near the networks you lot connect your devices to. If an unknown user or device asks for permission to connect to your phone, tablet or laptop, and then make sure y'all know information technology's non malicious. We'd advise treating such situations with extreme caution until you know you lot're continued to a trusted device or network.

Roland Moore-Colyer is U.K. Editor at Tom's Guide with a focus on news, features and opinion articles. He often writes well-nigh gaming, phones, laptops and other bits of hardware; he'south also got an interest in cars. When not at his desk Roland can exist found wandering around London, oftentimes with a await of marvel on his confront.