June 11, 2024 at 09:52AM
Apple released visionOS 1.2 to address numerous vulnerabilities, the standout being CVE-2024-27812, which is specific to the Vision Pro headset. The update also prompted new security advisories for iOS, macOS, and other products, consolidating CVEs. The vulnerabilities could lead to code execution, information disclosure, and DoS, and the researcher Apple acknowledged considers it a pioneering spatial computing hack.
From the meeting notes:
– Apple has released visionOS 1.2, which addresses several vulnerabilities specific to the Vision Pro virtual reality headset.
– The vulnerabilities in visionOS 1.2 primarily affect components shared with other Apple products, such as iOS, macOS, and tvOS.
– The vulnerabilities can lead to arbitrary code execution, information disclosure, privilege escalation, and denial of service (DoS).
– The standout vulnerability, CVE-2024-27812, is specific to the Vision Pro headset and can lead to a DoS condition through the processing of specially crafted web content.
– Apple credited cybersecurity researcher Ryan Pickren, who confirmed it as a Vision Pro-specific vulnerability, for reporting CVE-2024-27812.
– Details about the vulnerability are being withheld until approval from Apple is received.