A problem in HomeKit causes iPads and iPhones to freeze and only function again after a full reset.
It concerns the vulnerability CVE-2022-225888 that appears in devices with HomeKit on iOS 14.7. iOS 15.2 and iPadOS 15.2 fixes the issue.
HomeKit is Apple’s protocol to control smart (IoT) devices for the home. The bug is exploited by sending an invitation to pair with a new device, where the attacker renames that device to a string with more than 500,000 characters. Once iOS processes that name, the device freezes or crashes. So it is a kind of DoS attack.
Restarting doesn’t do much either. The problem is only solved when the device is restored to the factory settings.
Trevor Spiniolas discovered the bug. He tells Bleeping Computer that he discovered the bug four months ago and reported it to Apple. In the meantime, Apple has ensured with an update that there is better input validation so that the crashing should no longer happen.