Apple has fixed a zero-day vulnerability in Vision Pro that “may” have already been exploited by hackers


A day after publishing the first press reviews of the headset, Apple released the first security patch for the Vision Pro – to address a zero-day vulnerability (a software vulnerability that is not yet known to users or software developers, and against which protection mechanisms have not yet been developed), which may have already been exploited by hackers.

The visionOS 1.0.2 update (the OS that runs on Vision Pro) addresses a vulnerability in WebKit, the engine that runs Safari and other web applications. Apple says the bug, if exploited, could allow malicious code to run on an affected device.

The same vulnerability, officially designated as CVE-2024-23222, was patched by Apple last week via the iOS 17.3 update for iPhone, iPad, Mac and Apple TV – all of which rely on WebKit.

Attackers often target weaknesses in WebKit, using them as a way to penetrate the underlying operating system of a device and gain access to a user’s personal data. Engine bugs can sometimes be exploited when a victim visits a malicious domain in their web browser or another application’s browser.

The Vision Pro is expected to be available in US stores as early as Friday, February 2nd for $3,500 and a $149 surcharge for prescription lenses.

Apple has advertised that its mixed reality headset will initially support more than a million apps, including apps from Disney, TikTok, Amazon, Paramount and others. However, according to Bloomberg’s Mark Gurman, about 99% of those are not new software for visionOS, but existing iPad versions. Thus, all of them will automatically appear in the Vision Pro App Store – unless the developers refuse, as, for example, Netflix, Spotify and YouTube plan to do.

Microsoft 365 apps will be available on Apple Vision Pro starting February 2

Source: Techcrunch
