A recently patched Vision Pro vulnerability has been classified by Apple as a denial-of-service (DoS) issue, but the researcher who found it has demonstrated that it’s actually a “scary” bug.
Apple recently announced the release of version 1.2 of visionOS, the operating system powering its Vision Pro virtual reality headset.
The update addresses several vulnerabilities, but one stands out because it seems to be the first flaw — or at least among the first — that is specific to this product, and it may also be what the reporting researcher has described as the “first ever spatial computing hack”.
Tracked as CVE-2024-27812, the vulnerability is related to the processing of specially crafted web content and, according to Apple, it can lead to a DoS condition.
However, in a blog post published on Friday, Ryan Pickren, the researcher who discovered the vulnerability and reported it to Apple, showed that the impact is much more significant.
The Vision Pro is designed to prevent unauthorized applications from running and entering the user’s personal space.
“By default, native apps are restricted to a ‘Shared Space’ context, where they act predictably and can be easily closed,” the researcher explained. “If an app wants a more immersive experience, they must receive explicit permission from the user via an OS-level prompt that places them in a trusted ‘Full Space’ context.”
In addition, websites visited by the user in Safari via the Vision Pro headset can only spawn 3D objects in the room if they are manually granted permission by the user.
However, Pickren found that Apple did not apply the same level of protection to ARKit Quick Look, a feature the tech giant developed for iOS several years ago. He found that the feature is still present in WebKit and does not require any permissions in Safari.
The researcher showed how this feature could be abused by an attacker to spawn any type of 3D object, including animated and sound-creating objects, just by getting the targeted user to visit a malicious website.
Pickren demonstrated his findings by generating a scary scenario, where hundreds of moving spiders and screeching bats are spawned in the room.

“To make things even freakier — since these animated files are being handled by a separate application (Quick Look) — closing Safari does not get rid of them,” the researcher said. “And because visionOS does not have a Dock or any other Open Apps UI, there is no obvious way to get rid of them besides manually running around the room to physically tap each one.”
The researcher is surprised that Apple has classified the issue as a DoS bug instead of assessing it based on its full impact. He said Apple paid out a bug bounty for his findings, but the exact amount has not been disclosed.
Pickren previously earned significant bug bounties from Apple, and was recently part of a team that developed malware designed to target modern industrial control systems (ICS).