Hackers could bypass Apple’s restrictions and launch “an arbitrary number of 3D, animated, and sound-generating objects without any user interaction”!
Since its launch this year, the Vision Pro has found itself in some incredible situations, for better and for worse. Apple has discovered a flaw in the visionOS system that could turn the Apple Vision interface into a scene straight out of a horror movie, according to a publication on the Mashable website.
The vulnerability was exploited by hackers to fill the virtual room with spiders, snakes and various other animals that tend to scare people the most, reproduced in 3D.
The attack, already considered the first “spatial computing” attack, was discovered by Ryan Pickren, an independent researcher who had previously found some bugs in Apple software, including nasty camera issues on iPhone and Mac.
Scary 3D objects have invaded Apple Vision
On his blog, Pickren explained that although Apple has managed how visionOS apps can render 3D objects in your virtual space, it “forgot” an older web-based 3D model viewing standard called Apple AR Kit Quick Look.
By adding simple code to a website, a hacker could bypass Apple’s restrictions and launch “an arbitrary number of 3D, animated, and sound-generating objects without any user interaction”, which is what happened. As Pickren explained on the site:
To avoid a similar scenario, Apple rebuilt the “Full Space” permission model in a web context (the same way it rebuilt the Camera permission model). Websites that want to use WebXR (assuming the user has manually enabled the experimental feature) must obtain manual permission via a pop-up in Safari.
This bug is intriguing not only for its horror potential, but also for its complexity. The idea that a hacker could manipulate your virtual environment in this way is chilling and reminds us of the fragility of technology, whether the kind we trust more and more or the kind that, because it is new, we believe to be impenetrable.
According to images shared by Pickren on his blog, the vulnerability looked like this:
The truth is that although many users have surely had the fright of their lives, Apple fixed this vulnerability in June of this year, with the release of visionOS 1.2. Pickren had communicated it to the company in February, and the company gave him an unspecified reward in exchange.