iOS 15.2.1 and iPadOS 15.2.1 Fix Messages Bug and HomeKit Vulnerability

Originally published at: iOS 15.2.1 and iPadOS 15.2.1 Fix Messages Bug and HomeKit Vulnerability - TidBITS

Apple has released highly focused iOS 15.2.1 and iPadOS 15.2.1 updates to tackle two bugs and a nasty HomeKit vulnerability.

Installed this update too. I was hoping it would also solve the Messages notification problem but it did not. Many Messages users are complaining about the notification problem and Apple has done absolutely nothing about it.

Messages when received on an iPhone do not give a sound or banner or visual notification. You have to check yourself to see if you have any new messages.

See the discussions at this link:

https://discussions.apple.com/thread/253164533?answerId=256666196022&replyId=256666196022

Interesting. I don’t get that much in Messages, but I do feel like I’ve been missing notifications for some things of late. Perhaps it’s related to what you’re talking about. I’ll have to pay attention more…

Let’s step back a bit before reacting in horror that Apple didn’t patch the HomeKit vulnerability sooner. As I read it, it’s more a bug (denial of service) than a data vulnerability issue IMO as it didn’t seem to cause malware to be installed and your data to be stolen.

I would hope that Apple did an assessment of this report and decided that while it needed to be fixed, it was at a lower priority as it wasn’t a zero day that was a target for malware installation or very very unlikely to happen.

What’s annoying is that the reporter of the bug was told when Apple was going to have a fix for it but seemed to have a fit because it didn’t get fixed when he wanted it to. He’s portraying it as Apple foot dragging and ignoring the issue, but you are not hearing Apple’s side of things. Could it in reality be that in the grand scheme of things it wasn’t as important (hurt egos come to mind here)?

I agree that the bug itself is not particularly likely to be exploited. It’s more that Apple is doing a poor job of treating security researchers with respect. (This is just the latest example.) If they had worked this fix in earlier, the guy wouldn’t have gone public with it and made them look bad.

Still have issue with CarPlay since 15.2 that it no longer defaults to song display but library. I know there are some updates to the Infocenter (Automaker Mazda has firmware updates… at least 2 since I got the vehicle… waiting to get scheduled). 15.2.1 didn’t resolve.

I know this is a Messages bug fix, but has anyone had issues with phone notifications? I’ve had a number of times where I’m not receiving notifications for quite a while after the call. This morning I saw the phone notification but the VM one didn’t come in until I got another call and it was time-stamped 20 minutes earlier. Not sure if it’s a phone or carrier (Verizon) thing.

Diane

I guess we have different views on who looks bad here. If this was an unpatched zero-day that allows the device to be infiltrated, then I agree that Apple looks bad. Otherwise it looks like whining.
I have no idea what communication went on between the researcher and Apple. I am inferring some things based on what was reported. I do agree with you that it has to be a two way street.
And by “respect for security researchers”, would you happen to mean “bounty”, since it appears that Apple is not as generous in that regard as other companies?

The bounties are some of it, but in reports from security researchers who are unhappy, it largely comes down to Apple being slow to respond, both to communications and in fixing the problems or providing guidance as to when they might be fixed. If Apple isn’t sufficiently rewarding to work with, researchers will either stop looking for vulnerabilities or may even start selling them to the bad guys.

It just seems like common decency—if someone is reporting problems to you for fixing, treat them well.

I agree with you more and more after reading some later postings about the situation. Apple does need to step up its game dealing with security researchers.
