About the security content of visionOS 1.1 – Apple Support

About the security content of visionOS 1.1 - Apple Support

March 7, 2024 at 01:51PM

Summary:
Apple has released updates for multiple CVEs affecting various products such as Accessibility, ImageIO, Kernel, Metal, Persona, RTKit, Safari, UIKit, and WebKit in the Apple Vision Pro. The updates include fixes for issues related to memory handling, input validation, and permissions to address potential security vulnerabilities and impacts on user data and system stability.

From the meeting notes, the following key points were discussed:

– Several CVEs were addressed in the Apple Vision Pro release dated 2024-03-07.
– The issues addressed include memory handling, validation, permissions, and logic issues across various products such as Accessibility, ImageIO, Kernel, Metal, Persona, RTKit, Safari, UIKit, and WebKit.
– The impacts of these issues range from potential arbitrary code execution, disclosure of process memory, unauthorized access to user-sensitive data, to potential bypassing of kernel memory protections and system termination.
– Updates are available for the affected products to mitigate these vulnerabilities.

Please let me know if you need any further information or details on specific points from the meeting notes.

Full Article