A new denial of service (DoS) vulnerability dubbed “doorLock” was recently revealed in Apple HomeKit, impacting iOS 14.7 through 15.2. Apple HomeKit is a software framework that lets iPhone and iPad users control smart home appliances from their devices.
According to the researcher who disclosed the details, Apple has been aware of the vulnerability since August 2021, but has not addressed the issue.
To trigger ‘doorLock,’ an attacker would change the name of a HomeKit device to a string larger than 500,000 characters.
To demonstate the doorLock bug, Spinolas, the original researcher who uncovered the bug,. has released a proof-of-concept exploit in the form of an iOS app that has access to Home data and can change HomeKit device names.