December 11, 2024 at 01:33PM
visionOS 2.2 for Apple Vision Pro addresses multiple vulnerabilities through fixes for permissions issues, improved memory handling, and enhanced network security. Notable CVEs include CVE-2024-54513, CVE-2024-54486, and CVE-2024-45490, which could lead to data exposure, unexpected app termination, or memory corruption. The update is available as of December 11, 2024.
### Takeaways:
**Release Information:**

- **Apple ID:** 121845
- **Release Date:** December 11, 2024
- **Affected Product:** Security content of visionOS 2.2
- **Update Available For:** Apple Vision Pro

**Key Vulnerabilities (CVE-Details):**

1. **CVE-2024-54513**
   - **Description:** Permissions issue addressed with additional restrictions.
   - **Impact:** An app may access sensitive user data.
2. **CVE-2024-54486**
   - **Description:** Improved checks implemented.
   - **Impact:** Maliciously crafted font may disclose process memory.
3. **CVE-2024-54500 / CVE-2024-44245**
   - **Description:** Improved memory handling to resolve issues.
   - **Impact:** Possible unexpected system termination or kernel memory corruption.
4. **CVE-2024-54494**
   - **Description:** Race condition resolved with additional validation.
   - **Impact:** Potential for creation of writable read-only memory mapping.
5. **CVE-2024-45490**
   - **Description:** Vulnerability in open source code, affecting Apple software.
   - **Impact:** Remote attacker could cause unexpected app termination or arbitrary code execution.
6. **CVE-2024-54492**
   - **Description:** Addressed by using HTTPS for network data transmission.
   - **Impact:** Attacker in a privileged network position could alter network traffic.
7. **CVE-2024-54501, CVE-2024-54479, CVE-2024-54502, CVE-2024-54508, CVE-2024-54505**
   - **Description:** Type confusion issues addressed with improved memory handling.
   - **Impact:** Processing of malicious web content could lead to memory corruption.
8. **CVE-2024-54534**
   - **Description:** Improved memory handling implemented.
   - **Impact:** Potential for memory corruption from malicious web content.

### Summary:
visionOS 2.2 addresses several vulnerabilities affecting the Apple Vision Pro, primarily through improved memory handling and additional security restrictions that protect against unauthorized access and data disclosure. Updates are available starting December 11, 2024.