This bug, according to PhoneArena, is not widely known in the media. Security experts, on the other hand, have been warning Apple since August 10 of last year. For the time being, it’s still running on iOS 15.2.
Although his testing began with iOS 14.7, security researcher Trevor Spiniolas, who disclosed the flaw to Apple, believes that it is likely that phones running all releases of iOS 14 will have it. He also verified that hackers might use this flaw to blackmail iPhone users.
When an iPhone user (running the precise versions of iOS previously listed) changes the name of a HomeKit device to one with 500,000 or more characters then signs back into the iCloud account used with that HomeKit device, two things can happen, according to Spiniolas’ blog post, doorLock (you can see one video).
The Home app will crash as soon as it is opened if no Home devices are enabled in the Control Center, making it impossible to use. Rebooting or restarting the phone won’t help because the Home app will continue to behave the same way as before if you’re linked in to the same iCloud account. If a user has a Home device enabled in the Control Center, iOS will now become unresponsive and perform a “occasional reboot.”
Spiniolas is a writer “Depending on the iOS version, applications with access to Home data of HomeKit device owners may lock users out of their local data and prohibit them from logging back into their iCloud on iOS. Users on any of the described iOS versions could receive email invitations to a Home containing the malicious material…”
Apple postponed the bug patch update for a variety of reasons. However, in early 2022, the business pledges to provide an upgrade that will fully resolve the issue.
Instructions for a quick fix
In the meanwhile, you can temporarily remedy the problem by following the recommendations of a security expert:
- Restore the affected iPhone from Recovery or DFU Mode.
- Setup the device as you would normally do, but refrain from signing back into the iCloud account.
- After setup is finished, go ahead and sign in to iCloud from settings. As soon as you do this, disable the switch labeled “Home.”
The affected handset and iCloud should now work without access to Home data. If you need to have access to Home data and are able to install the testing application with Xcode, follow the three steps posted above and add the following:
- Press the back button and then press Control Center settings again which will reload the page reload the page.
- Keep doing this until a setting labeled “Show Home Controls” is visible. Disable the setting immediately.
- Install the test application and run it using a short string that will change the name of all associated Home devices.
