Trevorspiniolas

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.2.1 iPadOS versions prior to 15.2.1 **Description** A resource exhaustion issue was addressed with improved input validation. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. The issue is related to the HomeKit platform, which allows users to discover and control smart home appliances. An attacker can exploit this issue by sending malicious HomeKit accessory names, causing the device to crash. Additionally, an attacker can send invitations to users with malicious data, potentially leading to data extortion attacks. **Recommendations** For iOS versions prior to 15.2.1, update to iOS 15.2.1 to fix the issue. For iPadOS versions prior to 15.2.1, update to iPadOS 15.2.1 to fix the issue. As a temporary workaround, consider restricting access to HomeKit accessories to minimize the risk of exploitation. Avoid using the `HomeKit accessory name` parameter in affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 5.2 macOS Mojave versions prior to 10.14.4 Security Update versions prior to 2019-002 for High Sierra Security Update versions prior to 2019-002 for Sierra iOS versions prior to 12.2 **Description** A denial of service issue was addressed with improved validation. Processing a maliciously crafted vcf file may lead to a denial of service. **Recommendations** For watchOS versions prior to 5.2, update to watchOS 5.2 to resolve the issue. For macOS Mojave versions prior to 10.14.4, update to macOS Mojave 10.14.4 to resolve the issue. For Security Update versions prior to 2019-002 for High Sierra, apply Security Update 2019-002 to resolve the issue. For Security Update versions prior to 2019-002 for Sierra, apply Security Update 2019-002 to resolve the issue. For iOS versions prior to 12.2, update to iOS 12.2 to resolve the issue.