The Vision Pro glitch threw spiders into your VR space
A well-known security researcher with a history of finding bugs in Apple products has revealed the truest exploits of the bugs: filling the virtual workspace of Apple Vision Pro users with hundreds of live spiders. The exploit, which could be executed remotely and did not require user permission, was fixed by a recent Apple security update.
Apple described the vulnerability as a logic issue with WebKit that could lead to web content processing that “could lead to a denial of service.” In reality, CVE-2024-27812 was much, much worse if the thought of spiders invading your workplace scares you.
Everything you need to know about the world’s first space hacking attack
Ryan Pickren, perhaps best known for finding a series of zero-day vulnerabilities in Safari that led to remote control of iPhone and Mac cameras, described this latest discovery as the world’s first space computer hack.
With the vulnerability now patched by Apple and the bounty negotiations complete, Pickren has published a detailed description of the spider-creating vulnerability revealing how easily it can be exploited.
The vulnerability itself was within Safari for visionOS, the operating system used by Apple’s Vision Pro virtual reality headset. Its exploit meant that a malicious website could bypass user permission warnings and fill a room with an arbitrary amount of fully animated 3D objects. Pickren chose spiders, along with bats, to demonstrate the creepy hack. Scary for anyone afraid of spiders or bats, but also because this remote hack meant that animated objects persisted in that virtual space even after the user exited Safari.
You can watch videos of the spider invasion in full motion, along with bats invading an office space, on Pickren’s website.
Instant spiders powered by legacy WebKit technology
The hack itself is relatively simple in that it exploited a vulnerability that mocked privacy protections around shared personal spaces using Vision Pro. “If an app wants a more immersive experience, it needs to get explicit permission from the user via an OS-level notification that places them in a trusted Full Space context,” Pickren explained. Apple also introduced an experimental feature to enabled support for WebXR in visionOS WebKit that came with a refactored full-space permission model in a web context to ensure that user permission, via a Safari popup, had to be manually granted before any In this space 3D objects can be created, which is what you’d expect from a privacy perspective, since we’re talking about Apple after all.
However, Pickren said that 2018’s web-based 3D model viewing standard, the Apple AR Kit Quick Look, appears to have been overlooked by Apple. Disturbingly, the features enabled by this standard worked out of the box and thus did not require experimental feature activation. Because Safari did not require a permission model for this standard, nor did a user have to click a link, it could be exploited remotely without user interaction. “If the victim just looks at our website in Vision Pro,” explained Pickren, “we can instantly fill their room with hundreds of crawling spiders and squealing bats! Weird stuff.”
For me, the scariest thing about this hack was that closing Safari didn’t stop the virtual infestation of spiders, and the only way to get rid of them was to “manually run around the room to physically hit each one.”