A renowned security researcher, known for identifying bugs in Apple products, recently discovered an exploit that could fill the virtual workspace of Apple Vision Pro users with hundreds of realistic spiders. The exploit did not require user permission and could be executed remotely. Apple has since addressed the vulnerability, which it described as a logic issue in WebKit where processing web content could lead to a denial of service.
The researcher, Ryan Pickren, previously identified several zero-day vulnerabilities in Safari that allowed remote capture of iPhone and Mac cameras. He described the latest find as the world's first space hack. Now that Apple has fixed the vulnerability, Pickren has shared a detailed account of the spidering vulnerability, revealing how easily it could be exploited.
The vulnerability was found in Safari for visionOS, the operating system used by Apple's Vision Pro virtual reality headset. The exploit allowed a malicious website to bypass user permission prompts and fill a room with an arbitrary number of fully animated 3D objects. Pickren used spiders and bats to demonstrate the hack, which was particularly alarming because the animated objects remained in virtual space even after the user exited Safari.
The hack exploited a vulnerability that undermined privacy guarantees for personal spaces shared using Vision Pro. Apple had previously released an experimental feature to support WebXR in visionOS' WebKit, which came with a refactored full-space permission model to ensure that user permission had to be manually granted before any 3D objects could be created in this space.
However, Pickren found that a web-based 3D model visualization standard from 2018, Apple ARKit Quick Look, seemed to have been overlooked by Apple. Features enabled by this standard worked out of the box and did not require any experimental feature activation. Because Safari did not need a permission model for this standard, it could be exploited remotely without user interaction. The most disturbing aspect of this hack was that closing Safari did not stop the virtual spider infestation; the only way to get rid of the spiders was by physically touching each one in the room.