PT-2022-15544 · Apple · iPadOS +2
Trevor Spiniolas +1
Published 2022-01-05 · Updated 2023-08-08
CVE-2022-22588
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
iOS versions prior to 15.2.1
iPadOS versions prior to 15.2.1
Description
A resource exhaustion issue was addressed with improved input validation. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. The issue is related to the HomeKit platform, which allows users to discover and control smart home appliances. An attacker can exploit this issue by sending malicious HomeKit accessory names, causing the device to crash. Additionally, an attacker can send invitations to users with malicious data, potentially leading to data extortion attacks.
Recommendations
For iOS versions prior to 15.2.1, update to iOS 15.2.1 to fix the issue.
For iPadOS versions prior to 15.2.1, update to iPadOS 15.2.1 to fix the issue.
As a temporary workaround, consider restricting access to HomeKit accessories to minimize the risk of exploitation. Avoid using the HomeKit accessory name parameter in affected API endpoints until the issue is resolved.
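The fix Apple describes is input validation on the accessory name. The following is an added example, not code from the advisory, from Apple, or from HomeKit: a defender-side screen that a bridge or integration could run on accessory names before handing them to a HomeKit-facing component. The limits (MAX_CODEPOINTS, MAX_UTF8_BYTES) and the sample names are assumptions constructed for the example; the advisory does not state what size or content triggers the crash.

```python
import unicodedata

# Assumed policy limits for this example (not values from the advisory or Apple).
MAX_CODEPOINTS = 64
MAX_UTF8_BYTES = 128

# General categories that must never appear in a display name:
# control (Cc), surrogate (Cs), private use (Co), unassigned (Cn).
_FORBIDDEN_CATEGORIES = {"Cc", "Cs", "Co", "Cn"}

# Bidirectional embedding/override/isolate controls that can disguise text.
_BIDI_CONTROLS = {chr(cp) for cp in list(range(0x202A, 0x202F)) + list(range(0x2066, 0x206A))}


def check_accessory_name(name):
    """Return (ok, value).

    On success value is the NFC-normalized name that should be stored;
    on failure value is a short reason string for logging.
    """
    if not isinstance(name, str):
        return False, "not a string"

    # Normalize first so length and character checks see one canonical form.
    normalized = unicodedata.normalize("NFC", name)

    if not normalized.strip():
        return False, "empty name"
    if normalized != normalized.strip():
        return False, "leading or trailing whitespace"

    # Bound both code points and encoded size: a short-looking name can still
    # be large once encoded, and either bound may matter to the consumer.
    if len(normalized) > MAX_CODEPOINTS:
        return False, f"too long: {len(normalized)} code points > {MAX_CODEPOINTS}"
    nbytes = len(normalized.encode("utf-8"))
    if nbytes > MAX_UTF8_BYTES:
        return False, f"too many bytes: {nbytes} > {MAX_UTF8_BYTES}"

    for ch in normalized:
        cat = unicodedata.category(ch)
        if cat in _FORBIDDEN_CATEGORIES or ch in _BIDI_CONTROLS:
            return False, f"forbidden character U+{ord(ch):04X} ({cat})"

    return True, normalized


def screen_names(names):
    """Screen a batch of candidate names; returns {name: (ok, value)}."""
    return {n: check_accessory_name(n) for n in names}


# Constructed sample input for the example (not data from the advisory).
SAMPLE_NAMES = [
    "Living Room Lamp",
    "A" * 100000,          # oversized name
    "Lamp\x00",            # embedded control character
    "Lamp\u202e",          # right-to-left override
    "\u2126 meter",        # U+2126 OHM SIGN, normalized to U+03A9 under NFC
]

if __name__ == "__main__":
    for name, (ok, value) in screen_names(SAMPLE_NAMES).items():
        label = "accept" if ok else "reject"
        print(f"{label}: {name[:20]!r} -> {value[:40]!r}")
```

Normalizing before checking matters: without it, two names that render identically can have different lengths and byte sizes, and a check written only against the raw string can be bypassed by a canonically equivalent form.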
Affected Products
HomeKit
iOS
iPadOS