Apple has fixed a visionOS vulnerability that allowed a hacker to fill a Vision Pro user’s virtual space with 3D animated objects.
When spelled out like this, it doesn’t sound that scary, but replaced “3D animated objects” with spiders, bats, snakes, or anything else that scares you, and you’ve got yourself one of the most intriguing and ominous bugs we’ve ever heard of.
The vulnerability for was discovered by Ryan Pickren, an independent researcher who already found a couple of bugs in Apple’s software, including nasty iPhone and Mac camera issues. Pickren told Mashable via email that he believes the bug he’d found in visionOS allows for the first “spatial computing” hack. He also said that Apple awarded him a bounty for finding and describing the issue.
Mashable Light Speed
The bug stems from the way visionOS handles apps that can spawn 3D objects in your virtual space while you’re using the Vision Pro. As Pickren explained on his blog, the company severely restricted who and what can do this in most cases, but “forgot” about an older, web-based 3D model viewing standard called Apple AR Kit Quick Look. By adding some simple code to a website, a hacker could bypass Apple’s restrictions and launch “an arbitrary number of 3D, animated, sound-creating, objects without any user interaction whatsoever.”
GET US OUT OF HERE
Credit: Ryan Pickren
Pickren supplied some examples by tapping into a lot of folks’ worst nightmares: by adding virtual spiders and bats into a Vision Pro user’s virtual space.
Fortunately, Apple fixed this vulnerability in visionOS 1.2, which launched earlier this month, though the company’s description (unsurprisingly) don’t mention eight-legged arthropods.
In any case, it appears Vision Pro users are safe from 3D monsters bursting into their virtual life — for now.
Topics
Apple
Augmented Reality