Apple fixes zero-day vulnerability in Vision Pro after suspected hacker attack
One of the first security patches for the Apple Vision Pro headset was an update that was aimed at fixing a zero-day vulnerability.
Security patch for Vision Pro
Fixing a vulnerability in WebKit
Apple has released an update to visionOS 1.0.2, which is designed to fix a vulnerability in the WebKit engine, which is responsible for the operation of the Safari browser and other web applications. The company said the flaw, if exploited, could allow malicious code to run on a vulnerable device.
Protection against hacker attacks
A similar vulnerability with CVE-2024-23222 has already been fixed Apple last week released iOS 17.3 for iPhone, iPad, Mac and Apple TV, which also run WebKit.
Attackers often target weaknesses in WebKit to gain access to a device's operating system and steal users' personal data. Engine errors can be exploited, for example, when a user visits a malicious website in their browser or application.
Expectations for the Vision Pro
US stores will soon offer the Vision Pro headset for $3,500, with an additional $149 charge for prescription lenses.
Apple stated that the Vision Pro headset will support more than a million apps including Disney, TikTok, Amazon, Paramount and others. However, many of these apps already exist and are designed for the iPad. However, they will all be available on the Vision Pro App Store unless the developers opt out, as Netflix, Spotify and YouTube plan to do.
Answers to questions
Apple released the first security patch for the Vision Pro headset a day after the first journalistic reviews were published.
Apple has fixed a vulnerability in WebKit, the engine used by Safari and other web programs, with the visionOS 1.0.2 update.
The iOS 17.3 update is rolling out to iPhone, iPad, Mac and Apple TV, all of which rely on WebKit.
- Vision Pro: This is Apple's mixed reality headset, available in US stores starting February 2nd.
- visionOS 1.0.2: The operating system running on the Vision Pro headset, with an update to fix a vulnerability in WebKit.
- WebKit: The engine that runs Safari and other web programs, patching it to help prevent your device from being hacked.
- CVE-2024-23222: Official designation of the vulnerability fixed by Apple with the iOS 17.3 update.