CERT-In Advisory
CIAD-2022-0002
Denial of Service vulnerability in Apple iOS and iPadOS (doorLock)
Original Issue Date: January 13, 2022
Severity Rating: Medium
Systems Affected
- Apple iOS and iPadOS prior to 15.2.1
- iPhone 6s and later
- iPad Pro (all models)
- iPad Air 2 and later
- iPad 5th generation and later
- iPad mini 4 and later
- iPod touch (7th generation)
Overview
A vulnerability has been reported in Apple iOS and iPadOS which could be exploited by a remote attacker to cause a Denial of Service condition on a targeted device.
Description
The vulnerability exists due to uncontrolled resource consumption when processing a malicious HomeKit accessory name.
A remote attacker could exploit this vulnerability by sending specially crafted data to the application, resulting in a Denial of Service condition on the targeted device.
Solution
Update to iOS 15.2.1 and iPadOS 15.2.1
https://support.apple.com/en-us/HT213043
Vendor Information
Apple
https://support.apple.com/en-us/HT213043
References
Apple
https://support.apple.com/en-us/HT213043
CVE Name
CVE-2022-22588
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India