Apple Fixes Vision Pro Vulnerability: Bats No Longer Appear Out of Thin Air on Malicious Websites

TapTechNews June 23 - Apple has fixed a vulnerability affecting Vision Pro that allowed malicious websites to spawn an unlimited number of virtual 3D objects in the user's view out of thin air. The objects could be, for instance, a swarm of bats, and they persisted even after the user exited Safari.

The vulnerability was found by security researcher Ryan Pickren, who says Apple took many precautions against this class of attack but overlooked one crucial detail.

Pickren explains that Apple built specific protections against such attacks into visionOS apps. Apple has been careful to protect the user's personal space on Vision Pro and to stop malicious apps from startling users with spawned virtual items: by default, native apps can only run in the predictable and easily dismissible Shared Space.

TapTechNews notes that a developer who wants a more immersive experience must first obtain the user's consent through an operating-system-level prompt before the app can switch into the trusted Full Space mode. Websites can achieve the same effect through an experimental feature, and Apple extended the Full Space permission model to websites as well.

However, Apple overlooked an early augmented reality (AR) feature. Built by Apple in 2018, it is still present in the WebKit engine (including the visionOS build) and lets a website display 3D models directly in the user's view.

Pickren found that the visionOS team seemed to have forgotten an old web-based 3D model viewing standard, Apple's ARKit Quick Look. Back in 2018, when Apple first ventured into AR/VR/XR, it built a new HTML-based way to present 3D models in the Pixar-derived USDZ format, called In-Place USDZ Viewing.

After some testing, Pickren found that this functionality still works in WebKit (including the visionOS version) and even supports the newer .reality file format produced by Apple's Reality Composer. The feature can also attach spatial audio, so sounds appear to come from the virtual object itself. Most importantly, it is enabled by default and requires no experimental setting to be switched on.

What makes the bug serious is that Safari puts no permission check in front of this functionality and does not even require the user to click a link themselves. A malicious website can have JavaScript click the links programmatically, spawning any number of 3D objects, complete with animation and sound effects, without the user's awareness.
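The pattern the article describes is an AR Quick Look link (Apple's documented `<a rel="ar">` markup wrapping an `<img>`, with the href pointing at a .usdz or .reality model) that page script clicks on the user's behalf. The following is an added example, not code from the article or from Pickren's write-up: a constructed attacker page showing that pattern, and a small static scanner that flags pages carrying it. The file names, the page HTML and the scanner itself are illustrative assumptions; a production filter would walk a parsed DOM rather than use regular expressions.

```javascript
// Added example (not from the original article or from Ryan Pickren's write-up).
// Models the attack pattern the article describes: AR Quick Look is triggered by
// an <a rel="ar"> link whose href is a .usdz or .reality model, and a page can
// call .click() on such links from script. The HTML sample below and the model
// file names are constructed for illustration.

const ATTACKER_PAGE = `
<!doctype html>
<html><body>
  <!-- AR Quick Look trigger: documented Apple markup, a rel="ar" anchor wrapping an <img> -->
  <a id="bat" rel="ar" href="/models/bat.usdz" style="display:none">
    <img src="/models/bat-thumb.png">
  </a>
  <a rel="ar" href="/models/spider.reality" hidden><img src="/models/spider-thumb.png"></a>
  <script>
    // Synthetic click: no user gesture involved, one model per iteration.
    for (let i = 0; i < 100; i++) document.getElementById('bat').click();
  </script>
</body></html>`;

// File types AR Quick Look will open (USDZ and Reality Composer .reality files).
const MODEL_EXT = /\.(usdz|reality)(\?|#|$)/i;

// Return every <a> that would launch AR Quick Look: rel contains the "ar" token
// and href points at a model file. Regex-based on purpose so it runs anywhere;
// a real content filter should inspect a parsed DOM instead.
function findArQuickLookTriggers(html) {
  const out = [];
  const anchorRe = /<a\b([^>]*)>/gi;
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const attrs = m[1];
    const rel = (attrs.match(/\brel\s*=\s*["']([^"']*)["']/i) || [])[1] || '';
    const href = (attrs.match(/\bhref\s*=\s*["']([^"']*)["']/i) || [])[1] || '';
    if (!rel.split(/\s+/).includes('ar') || !MODEL_EXT.test(href)) continue;
    // A trigger the user cannot see is not one the user is meant to click.
    const hidden = /\bhidden\b/i.test(attrs) || /display\s*:\s*none/i.test(attrs);
    out.push({ href, hidden });
  }
  return out;
}

// Does any inline script click something programmatically? A crude signal on
// its own, but together with hidden AR links it is the no-consent pattern
// described in the article.
function hasScriptedClick(html) {
  const scripts = html.match(/<script\b[^>]*>[\s\S]*?<\/script>/gi) || [];
  return scripts.some((s) => /\.click\s*\(/.test(s));
}

// Combine the two signals into a verdict for one page.
function assessPage(html) {
  const triggers = findArQuickLookTriggers(html);
  const scriptedClick = hasScriptedClick(html);
  return {
    triggers,
    scriptedClick,
    suspicious: triggers.length > 0 && (scriptedClick || triggers.some((t) => t.hidden)),
  };
}

console.log(JSON.stringify(assessPage(ATTACKER_PAGE), null, 2));
```

Run with `node` to see the verdict for the constructed page: two hidden AR Quick Look triggers plus a scripted click, which the scanner marks as suspicious, while a single visible `rel="ar"` link with no script is left alone.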

In other words, once the attacker lures the victim to a malicious website, hundreds of crawling spiders or screaming bats can appear in the Vision Pro instantly, giving the user a fright.

Pickren reported the vulnerability to Apple, which fixed it and paid him a bug bounty.
