Spider-Man hacker uses Apple Vision Pro to unleash hundreds of VR spiders

A noted security researcher with a history of finding bugs in Apple products has revealed the most literal of bug exploits: filling Apple Vision Pro users’ virtual workspace with hundreds of lifelike spiders. The exploit, which could be performed remotely and did not require user consent, was addressed by a recent security update from Apple.

Apple's advisory described the vulnerability as a logic issue in WebKit under which processing web content “could lead to a Denial-of-Service.” In practice, CVE-2024-27812 was much, much worse, at least if the thought of spiders invading your workplace scares you.


Everything you need to know about the world’s first spatial computing attack

Ryan Pickren, perhaps best known for finding a series of zero-day vulnerabilities in Safari that led to a remote takeover of iPhone and Mac cameras, described this latest discovery as the world’s first spatial computing hack.

Now that Apple has fixed the vulnerability and bounty negotiations have been completed, Pickren has published a detailed account of the spider-creating bug, showing how easily it could be exploited.

The vulnerability itself was in Safari for visionOS, the operating system that runs Apple's Vision Pro headset. By exploiting it, a malicious website could bypass the user's permission prompts and fill a room with any number of fully animated 3D objects. Pickren chose spiders and bats to demonstrate the hack. That is terrifying for anyone with a fear of spiders or bats, but the more worrying point is that the objects this remote attack spawned persisted in the user's space even after Safari was closed.

On Pickren’s website you can watch videos of the spider invasion in full swing, along with bats taking over an office space.

Instant Spiders powered by old WebKit technology

The hack itself is relatively simple: it sidestepped the protections visionOS places around the shared space in which Vision Pro apps normally coexist. “If an app wants a more immersive experience, they need to get explicit permission from the user via an OS-level prompt that puts them in a familiar ‘Full Space’ context,” Pickren explains. Apple also added experimental WebXR support to WebKit on visionOS, and with it a consent model for web content that mirrors the Full Space prompt: the user has to approve a Safari popup before a web page can create any 3D objects in that space. This is what you would expect from a privacy perspective; it is Apple we are talking about, after all.


However, Pickren said that Apple appeared to have overlooked an older web standard for viewing 3D models, AR Quick Look, which Apple introduced with ARKit in 2018. Worryingly, this feature worked out of the box on visionOS and did not depend on any experimental feature flag. Because it had no permission model and did not require the user to tap a link, a web page could trigger it with no user interaction at all. “If the victim simply views our website in Vision Pro,” Pickren explains, “we can instantly fill their room with hundreds of crawling spiders and screeching bats! Weird things.”

What I found most frightening about this hack was that closing Safari couldn’t stop the virtual spider infestation and the only way to get rid of it was to “manually run around the room to physically tap them all.”
