Apple Fixes VisionOS Vulnerability Allowing Hackers to Fill Virtual Space with 3D Animated Objects

Apple has recently addressed a serious vulnerability in its visionOS software that could have allowed hackers to fill a Vision Pro user’s virtual space with 3D animated objects. Independent researcher Ryan Pickren discovered the bug and reported it to Apple, which rewarded him with a bounty for finding and describing the issue.

The vulnerability stemmed from the way visionOS handles apps that can generate 3D objects within the virtual space of the Vision Pro. While Apple had placed strict restrictions on this functionality, it overlooked an older web-based 3D model viewing standard called Apple ARKit Quick Look. By adding a small piece of code to a website, hackers could bypass Apple’s restrictions and launch an unlimited number of 3D animated objects without any user interaction.

To illustrate the severity of the bug, Pickren demonstrated how it could be used to add virtual spiders and bats into a Vision Pro user’s virtual space. This vulnerability posed a significant threat as it allowed for the first “spatial computing” hack, where a hacker could manipulate the user’s virtual environment.

Fortunately, Apple promptly addressed this vulnerability in the latest version of visionOS, version 1.2. This update ensures that Vision Pro users are now protected from the intrusion of 3D monsters into their virtual lives. However, as technology evolves, it is crucial for companies like Apple to remain vigilant in identifying and addressing potential vulnerabilities to ensure user safety and security.

Overall, this incident highlights the importance of continuous software updates and bug bounty programs in the tech industry. It also serves as a reminder that even seemingly innocent features can have potential security risks if not properly addressed. Users can rest assured knowing that Apple has taken swift action to resolve this issue and protect their virtual experiences.