"Apple Patches Vision Pro Vulnerability Used in Possibly First Ever Spatial Computing Hack"

Apple recently updated visionOS, the operating system powering its Vision Pro virtual reality headset, to version 1.2, which addresses several vulnerabilities, including what may be the first security flaw that is specific to this product. The company noted that the update patches nearly two dozen vulnerabilities. However, the vast majority of them are in components that visionOS shares with other Apple products, such as iOS, macOS and tvOS. Apple noted that the vulnerabilities can lead to arbitrary code execution, information disclosure, privilege escalation, and denial of service (DoS). CVE-2024-27812 appears to be the only CVE specific to the Vision Pro headset, as it’s not listed in the advisories for any Apple product other than visionOS. According to Apple, CVE-2024-27812 is related to the processing of specially crafted web content, and exploitation can lead to a DoS condition. Apple noted that the issue was addressed with improvements to the file handling protocol.

 

SecurityWeek reports: "Apple Patches Vision Pro Vulnerability Used in Possibly First Ever Spatial Computing Hack"

Submitted by Adam Ekwall on