A recently discovered vulnerability (CVE-2024-27812) in the Apple Vision Pro headset allowed hackers to bypass device security mechanisms and flood user’s environments with animated 3D objects – such as spiders and bugs – through a Safari exploit. These objects persisted even after exiting Safari, making for a uniquely unsettling environment.
Apple addressed the vulnerability this month after security researcher Ryan Pickren had disclosed the flaw in February, awarding the researcher a bounty. The bug highlights the challenges in securing ‘spatial computing’ devices.
Spatial Hack in Apple Vision Pro Devices
Apple designed the Vision Pro with strict privacy controls. This includes limiting device apps to a default ‘Shared Space’ and mandating explicit user consent for more engaging and immersive content. Websites must also obtain explicit user permission to generate 3D content within a user’s physical environment.
However, Pickren discovered that the AR Quick Look feature that had been introduced in 2018 for iOS remained active in the visionOS without the implementation of proper safeguards. This oversight allowed websites to manipulate HTML anchor tags to spawn unlimited 3D objects coupled with animations and spatial audio.
By adding specific anchor tags to webpages, malicious websites can instruct Safari to render a 3D model, surprisingly without any form of user interaction. “If the victim just views our website in Vision Pro, we can instantly fill their room with hundreds of crawling spiders and screeching bats,” Pickren explained. “Freaky stuff,” he exclaimed.
The researcher stated that the exploit code is straightforward and that closing Safari doesn’t get rid of the 3D objects, as they are handled by a separate application.
“To make things even freakier – since these animated files are being handled by a separate application (Quick Look), closing Safari does not get rid of them,” Pickren noted. He added, “There is no obvious way to get rid of them besides manually running around the room to physically tap each one.”
Bug Reporting and Gaps in Vulnerability Assessment
After trying to disclose the flaw to Apple, the researcher felt the tech giant had downplayed its relation to spatial computing and the generation of 3D objects, instead focusing on the potential for system crashes and reboots.
The CVE description claimed that the issue had been addressed by improving the file handling protocol, which the researcher believed was unrelated to the bug. This highlights the challenges of triaging and classifying bugs in emerging fields such as Spatial Computing.
The researcher believes the bug’s impact goes beyond simple system crashes or reboots, raising questions about the security and privacy of the technology and the need for reevaluating existing threat models.
“Perhaps it’s time for Apple to re-evaluate their Vision Pro threat model,” Pickren suggested. “This is a deeply personal product and classic vulnerability triaging guidelines may not capture the full impact anymore.”
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
