Apple has now officially released iOS 11.2.1 to the general public, which, in all honesty, may have come as a surprise to some given how quickly it has arrived after the release of iOS 11.2.

The immediate availability of iOS 11.2.1 not only means that all compatible device owners have yet another version of iOS 11 to download, but also that they can get to grips with the official changelog provided by Apple to see exactly what has changed.

As is generally the case with Apple, when a version of iOS is in a pre-release state it’s very difficult to get information from the company about any changes. When that version moves to a public release, an official set of release notes are published alongside the update to let device owners know exactly what they are getting. iOS 11.2.1 is a slight anomaly in that process as there was no actual pre-release in place due to the nature of the fixes it contains. Where iOS 11.2 was a fairly big release with a number of new and important improvements and feature additions, iOS 11.2.1 is simply a bug fix which contains a very important patch for a 0-day vulnerability found which affects HomeKit and connected devices.

As previously reported, this issue would allow malicious individuals to take control of HomeKit-enabled devices, including smart locks protecting a property, when iOS 11.2 was installed on a device. Given the seriousness of that issue, Apple immediately introduced a temporary server-side fix to prevent the problem from happening and has now issued a proper fix for it in iOS 11.2.1 update, as reflected in the changelog below:

iOS 11.2.1 fixes bugs including an issue that could disable remote access to shared users of the Home app.

It seems that Apple is going through a slightly tumultuous time at the moment where software and the discovery of bugs are concerned. Rather than having the time to focus on making the right improvements in the right place, and ensuring that each release is error-free and fit-for-purpose, it seems that the company is firefighting and having to bring releases forward to patch bugs which keep popping up.

We’ve recently seen this with an urgent release of macOS 10.13.2 to properly fix the root login bypass bug, the early release of iOS 11.2 to fix a boot loop issue for date bug, and now the release of iOS 11.2.1 to fix a 0-day found in HomeKit.

Update x1: Apple has now also posted security content details on iOS 11.2.1:

HomeKit

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A remote attacker may be able to unexpectedly alter application state

Description: A message handling issue was addressed with improved input validation.

CVE-2017-13903: Tian Zhang

You may also like to check out:

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.

Related Stories