Spider-Man Hacker Uses Apple Vision Pro to Unleash 100 Years of VR Spiders

A well-known security researcher with a history of finding bugs in Apple products has revealed the most literal bug exploit yet: filling the virtual workspace of Apple Vision Pro users with hundreds of live spiders. The exploit, which could be executed remotely and did not require user permission, was fixed in a recent Apple security update.

Apple described the vulnerability as a logic issue in WebKit whereby processing web content “could lead to a denial of service.” In fact, CVE-2024-27812 was much, much worse if the thought of spiders running over your workplace terrifies you.


Everything you need to know about the world’s first spatial computing hack

Ryan Pickren, perhaps best known for finding a series of zero-day vulnerabilities in Safari that led to the remote takeover of iPhone and Mac cameras, described the latest discovery as the world’s first spatial computing hack.

With Apple now having patched the vulnerability and reward negotiations complete, Pickren has published a detailed write-up of the spider-making vulnerability that reveals how easily it could be exploited.

The vulnerability itself was in Safari for visionOS, the operating system used by Apple’s Vision Pro virtual reality headset. Exploiting it meant that a malicious website could bypass user permission warnings and fill a room with any number of fully animated 3D objects. Pickren chose spiders, along with bats, to perform the terrifying hack. That is scary for anyone with a fear of spiders or bats, but also because the animated objects persisted in the virtual space even after the user exited Safari.

You can watch videos of the spider invasion in full swing, along with the bats taking over the office space, on Pickren’s website.

Instant Spiders enabled by old WebKit technology

The hack itself is relatively simple in that it exploited a vulnerability that sidestepped the privacy protections around shared personal spaces on Vision Pro. “If an app wants an immersive experience, it needs to receive explicit permission from the user through an OS-level challenge that places it in a trusted ‘full-space’ context,” Pickren explained. Apple also introduced an experimental feature enabling WebXR support in the visionOS WebKit, which came with a reworked model of full-space permissions for the web context: the user must manually grant permission via a Safari popup before any 3D objects can be created in that space. That’s what you’d expect from a privacy perspective, since we’re talking about Apple after all.


However, Pickren said that the 2018 standard for viewing 3D models, Apple’s ARKit Quick Look, seems to have been overlooked by Apple. Disturbingly, the features enabled by this standard worked out of the box and so did not require any experimental feature to be enabled. Since Safari applied no permission model to this standard, and the user did not even have to click the link, it could be exploited remotely without user interaction. “If a victim just views our website in Vision Pro,” explained Pickren, “we can instantly fill their room with hundreds of crawling spiders and screeching bats! Strange things.”
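The practical takeaway for anyone reviewing web content served to Vision Pro users is that AR Quick Look links are a distinct trigger surface from WebXR and worth inventorying. The auditor below is an added example, not code from the article or from Pickren’s write-up; it assumes the markup Apple documents for AR Quick Look on the web (an `<a rel="ar">` anchor whose `href` points at a `.usdz` or `.reality` model) and flags such anchors, noting whether the model is hosted on a different origin than the page. The article does not state which exact markup the patched bug was triggered through, so treat that mapping as an assumption. The sample HTML is constructed for the demonstration.

```python
"""Inventory AR Quick Look anchors in an HTML document (added example).

Assumption: AR Quick Look is triggered by <a rel="ar"> anchors linking to
.usdz or .reality models, as Apple documents for Safari. The page being
audited is identified by its origin so cross-origin model hosting can be
reported separately.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

MODEL_EXTENSIONS = (".usdz", ".reality")


class ARQuickLookAuditor(HTMLParser):
    """Collect anchors that Safari may treat as AR Quick Look triggers."""

    def __init__(self, page_origin):
        super().__init__()
        self.page_origin = page_origin
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attrs = {name: (value or "") for name, value in attrs}
        rel_tokens = attrs.get("rel", "").lower().split()
        href = attrs.get("href", "")
        # Resolve relative hrefs against the page origin before inspecting them.
        target = urlsplit(urljoin(self.page_origin + "/", href))
        is_model = target.path.lower().endswith(MODEL_EXTENSIONS)
        # Report both explicit rel="ar" anchors and bare links to model files;
        # the latter are worth a look even though rel="ar" is the documented trigger.
        if "ar" not in rel_tokens and not is_model:
            return
        page = urlsplit(self.page_origin)
        self.findings.append({
            "line": self.getpos()[0],
            "href": href,
            "rel_ar": "ar" in rel_tokens,
            "model_file": is_model,
            "cross_origin": (target.scheme, target.netloc) != (page.scheme, page.netloc),
        })


def audit_html(html, page_origin):
    """Return one finding dict per AR Quick Look candidate anchor."""
    auditor = ARQuickLookAuditor(page_origin)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: two rel="ar" anchors (one cross-origin), a plain
# document link that should be ignored, and a bare link to a model file.
SAMPLE_HTML = """<html><body>
<a rel="ar" href="/models/chair.usdz">View chair</a>
<a rel="ar noopener" href="https://cdn.other.test/assets/bat.reality">Bat</a>
<a href="/docs/manual.pdf">Manual</a>
<a href="https://example.test/spider.usdz">Spider (no rel)</a>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML, "https://example.test"):
        flags = []
        if finding["rel_ar"]:
            flags.append("rel=ar")
        if finding["cross_origin"]:
            flags.append("cross-origin")
        print(f"line {finding['line']}: {finding['href']} [{', '.join(flags) or 'model link'}]")
```

Run it against a page’s HTML (for example, a response body pulled from a proxy or a crawl) with the page’s own origin; anything flagged `cross_origin` deserves the same scrutiny as any other third-party content loaded into a user’s space, since the model file, not the page, decides what gets rendered.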

For me, the scariest thing about this hack was that closing Safari didn’t stop the virtual spider infestation and the only way to get rid of them was to “manually run around the room and physically tap everyone”.
