
Spider-Man hacker uses Apple Vision Pro to unleash 100s of VR spiders

A well-known security researcher with a history of finding bugs in Apple products has revealed the most literal of bug exploits: filling the virtual workspace of Apple Vision Pro users with hundreds of realistic spiders. The exploit, which can be executed remotely and does not require user permission, was patched by a recent Apple security update.

Apple described the vulnerability as a logic issue in WebKit where processing web content “could lead to a denial of service.” In reality, CVE-2024-27812 was much, much worse if the thought of spiders running over your workplace scares you.


Everything you need to know about the world’s first spatial computing attack

Ryan Pickren, perhaps best known for discovering a series of zero-day vulnerabilities in Safari that led to the remote takeover of iPhone and Mac cameras, described this latest discovery as the world’s first spatial computing hack.

With the vulnerability now patched by Apple and bounty negotiations over, Pickren published a detailed account of the spider-creating vulnerability, revealing how easily it could be exploited.

The vulnerability itself resided in Safari for visionOS, the operating system used by Apple’s Vision Pro virtual reality headset. Exploiting it meant that a malicious website could bypass user permission warnings and fill a room with any number of fully animated 3D objects. Pickren chose spiders, along with bats, to demonstrate the scary hack. Scary for anyone afraid of spiders or bats, but also because this remote hack meant that the animated objects continued to exist in that virtual space even after the user exited Safari.

You can watch videos of the spider invasion in full swing, along with bats taking over an office space, on Pickren’s website.

Instant spiders enabled by old WebKit technology

The hack itself is relatively simple, as it uses a vulnerability that bypasses the privacy protections around shared personal spaces on Vision Pro. “If an application wants a more immersive experience, it must obtain explicit permission from the user through an OS-level prompt that places it in a trusted ‘Full Space’ context,” Pickren explained. Apple also released an experimental feature to enable WebXR support in visionOS WebKit, which came with a reworked Web Context Full Space permission model to ensure that user permission via a Safari popup must be manually granted before any 3D objects can be created in this space. It’s what you’d expect from a privacy perspective, since we’re talking about Apple after all.


However, Pickren said that the 2018 web-based 3D model viewing standard, Apple ARKit Quick Look, appears to have been overlooked by Apple. Worryingly, the features enabled by this standard work immediately and do not require the activation of an experimental feature. Because Safari did not require a permission model for this standard, nor did the link have to be clicked by a user, it could be used remotely without user interaction. “If the victim simply views our website in Vision Pro,” Pickren explained, “we can instantly fill their room with hundreds of crawling spiders and screeching bats! Strange things.”
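AR Quick Look is triggered from ordinary HTML: an anchor whose `rel` attribute contains `ar` and whose `href` points at a USDZ or Reality model file. The following scanner, an added example that is not from the article or from Pickren’s write-up, lets a web proxy or crawler flag pages carrying such triggers so they can be reviewed before reaching headset users; the sample HTML is constructed for the demonstration.

```python
# Added example: flag AR Quick Look trigger links in HTML page content.
# AR Quick Look is invoked by <a rel="ar" href="model.usdz"> (USDZ or
# .reality files). A content filter can surface these links because, per the
# article, Safari for visionOS applied no Full Space permission prompt to them.
from html.parser import HTMLParser
from urllib.parse import urlparse

MODEL_EXTENSIONS = (".usdz", ".reality")


class ARQuickLookScanner(HTMLParser):
    """Collects anchors whose rel attribute includes 'ar' and whose href
    targets a 3D model file. Assumes the input is a single HTML document."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attr = dict(attrs)
        rel_tokens = (attr.get("rel") or "").lower().split()
        href = attr.get("href") or ""
        # Strip query strings so "model.usdz?v=2" is still recognised.
        path = urlparse(href).path.lower()
        if "ar" in rel_tokens and path.endswith(MODEL_EXTENSIONS):
            self.findings.append(href)


def find_ar_quicklook_links(html: str) -> list:
    """Return every AR Quick Look trigger href found in the page, in order."""
    scanner = ARQuickLookScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: one ordinary link and two AR Quick Look triggers.
SAMPLE_HTML = """
<html><body>
<a href="/catalog/chair.html">Chair</a>
<a rel="ar" href="/models/chair.usdz?v=2"><img src="/img/chair.png"></a>
<a rel="nofollow ar" href="https://cdn.example.test/spider.reality"><img src="/img/spider.png"></a>
</body></html>
"""

if __name__ == "__main__":
    for link in find_ar_quicklook_links(SAMPLE_HTML):
        print("AR Quick Look trigger:", link)
```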

For me, the scariest thing about this hack was that closing Safari didn’t stop the virtual spider infestation and the only way to get rid of them was to “manually run around the room to physically touch each one”.
